CVE-2017-10930
First published: Tue Sep 19 2017(Updated: )
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
Credit: psirt@zte.com.cn
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zte Zxr10 1800-2s Firmware | <=- | |
| ZTE ZXR10 1800-2S |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-10930?
CVE-2017-10930 is considered a high severity vulnerability due to the potential for unauthorized access to sensitive configuration files.
How do I fix CVE-2017-10930?
To fix CVE-2017-10930, upgrade the ZXR10 1800-2S firmware to version v3.00.40 or later.
Who is affected by CVE-2017-10930?
The vulnerability CVE-2017-10930 affects users of ZTE ZXR10 1800-2S devices running firmware versions before v3.00.40.
What type of information can be stolen due to CVE-2017-10930?
Due to CVE-2017-10930, unauthorized actors can potentially download sensitive configuration files, including administrator accounts and passwords.
Is there a workaround for CVE-2017-10930?
There is no specific workaround for CVE-2017-10930; the recommended action is to upgrade the firmware as soon as possible.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- vendor/zte
- canonical/zte zxr10 1800-2s firmware
- version/zte zxr10 1800-2s firmware/-
- canonical/zte zxr10 1800-2s