CVE-2024-22066

There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxr10_2800-4:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxr10_3800-8:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxr10_160:-:*:*:*:*:*:*:*

History

08 Nov 2024, 14:31

Type Values Removed Values Added
CPE cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxr10_160:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxr10_2800-4:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxr10_3800-8:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 6.5
First Time Zte
Zte zxr10 3800-8 Firmware
Zte zxr10 3800-8
Zte zxr10 1800-2s Firmware
Zte zxr10 2800-4 Firmware
Zte zxr10 1800-2s
Zte zxr10 160 Firmware
Zte zxr10 160
Zte zxr10 2800-4
References () https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225590 - () https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225590 - Vendor Advisory

29 Oct 2024, 14:34

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de escalada de privilegios en el enrutador multiservicio inteligente ZTE ZXR10 ZSR V2. Un atacante autenticado podría usar la vulnerabilidad para obtener información confidencial sobre el dispositivo.

29 Oct 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-29 09:15

Updated : 2024-11-08 14:31


NVD link : CVE-2024-22066

Mitre link : CVE-2024-22066

CVE.ORG link : CVE-2024-22066


JSON object : View

Products Affected

zte

  • zxr10_2800-4
  • zxr10_3800-8
  • zxr10_3800-8_firmware
  • zxr10_2800-4_firmware
  • zxr10_160
  • zxr10_160_firmware
  • zxr10_1800-2s
  • zxr10_1800-2s_firmware
CWE
CWE-294

Authentication Bypass by Capture-replay