CVE-2022-23141

ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zte:zxmp_m721_firmware:commond21bootv100004_ls1045:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxmp_m721:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-07-15 15:15

Updated : 2022-07-22 16:24

NVD link : CVE-2022-23141

Mitre link : CVE-2022-23141

CVE.ORG link : CVE-2022-23141

JSON object : View

Products Affected

zte

zxmp_m721_firmware
zxmp_m721

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2022-23141", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-07-15T15:15:08.097", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."}, {"lang": "es", "value": "ZXMP M721 presenta una vulnerabilidad de filtrado de informaci\u00f3n. Dado que la autenticaci\u00f3n del puerto serie en la interfaz ZBOOT no es efectiva aunque est\u00e9 habilitada, un atacante podr\u00eda usar esta vulnerabilidad para iniciar sesi\u00f3n en el dispositivo y obtener informaci\u00f3n confidencial"}], "lastModified": "2022-07-22T16:24:27.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxmp_m721_firmware:commond21bootv100004_ls1045:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB41C198-1156-4112-96C5-AC9B1026B46B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxmp_m721:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEC586E9-E8FA-4988-8CD0-334A1F73BC61"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}

7.5 /10