CVE-2022-39074

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-39074
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.

3.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a52:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:zte:blade_a51:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:h:zte:blade_a3_lite:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:h:zte:blade_a5_2020:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:h:zte:blade_l210:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:h:zte:blade_a7s:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:h:zte:blade_a31:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:h:zte:blade_a31_plus:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:h:zte:blade_a5_2019:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:h:zte:blade_a71:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:h:zte:blade_a72:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:h:zte:blade_v20_smart:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:h:zte:blade_v30:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_v30_vita:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:v40_pro:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_v40_vita:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:axon_40_ultra:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-05-30 23:15

Updated : 2023-06-07 14:43

NVD link : CVE-2022-39074

Mitre link : CVE-2022-39074

CVE.ORG link : CVE-2022-39074

JSON object : View

Products Affected

zte

  • blade_a72
  • blade_a5_2019
  • blade_a31_firmware
  • blade_a31
  • v40_pro_firmware
  • blade_a71
  • blade_a7s
  • blade_l210
  • axon_40_ultra_firmware
  • blade_a52
  • blade_a7s_firmware
  • blade_v20_smart
  • blade_a5_2020_firmware
  • blade_l210_firmware
  • blade_a52_firmware
  • blade_v40_vita
  • blade_a5_2020
  • blade_a3_lite_firmware
  • blade_a71_firmware
  • blade_a51
  • axon_40_ultra
  • blade_a72_firmware
  • blade_v30_vita
  • blade_a5_2019_firmware
  • blade_v30_vita_firmware
  • blade_a3_lite
  • v40_pro
  • blade_v20_smart_firmware
  • blade_a31_plus_firmware
  • blade_a51_firmware
  • blade_v30
  • blade_v40_vita_firmware
  • blade_v30_firmware
  • blade_a31_plus
CWE
NVD-CWE-Other