CVE-2024-22063

The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4522216612187627521	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zte:zenic_one_r58:*:*:*:*:*:*:*:*

History

28 Jan 2025, 17:05

Type	Values Removed	Values Added
Summary		(es) Los productos ZENIC ONE R58 de ZTE Corporation tienen una vulnerabilidad de inyección de comandos. Un atacante autenticado puede aprovechar esta vulnerabilidad para manipular mensajes, inyectar código malicioso y, posteriormente, lanzar ataques a los dispositivos relacionados.
First Time		Zte Zte zenic One R58
References	~~() https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4522216612187627521 -~~	() https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4522216612187627521 - Vendor Advisory
CPE		cpe:2.3:a:zte:zenic_one_r58::::::::

30 Dec 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-30 10:15

Updated : 2025-01-28 17:05

NVD link : CVE-2024-22063

Mitre link : CVE-2024-22063

CVE.ORG link : CVE-2024-22063

JSON object : View

Products Affected

zte

zenic_one_r58

CWE

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

{"id": "CVE-2024-22063", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@zte.com.cn", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2024-12-30T10:15:05.867", "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4522216612187627521", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@zte.com.cn", "description": [{"lang": "en", "value": "CWE-1236"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices."}, {"lang": "es", "value": "Los productos ZENIC ONE R58 de ZTE Corporation tienen una vulnerabilidad de inyecci\u00f3n de comandos. Un atacante autenticado puede aprovechar esta vulnerabilidad para manipular mensajes, inyectar c\u00f3digo malicioso y, posteriormente, lanzar ataques a los dispositivos relacionados."}], "lastModified": "2025-01-28T17:05:45.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zte:zenic_one_r58:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F4F12D1-1686-4488-80F9-590DCB68CF41", "versionEndExcluding": "16.24.40"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@zte.com.cn"}