CVE-2022-23139
First published: Thu May 12 2022(Updated: )
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
Credit: psirt@zte.com.cn
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zte Zxmp M721 Firmware | =5.10.030.006 | |
| Zte Zxmp M721 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-23139?
CVE-2022-23139 is a permission and access control vulnerability in ZTE's ZXMP M721 product.
What is the severity of CVE-2022-23139?
CVE-2022-23139 has a severity rating of 8.8 (high).
Which software version of ZTE's ZXMP M721 is affected by CVE-2022-23139?
The firmware version 5.10.030.006 of ZTE's ZXMP M721 is affected by CVE-2022-23139.
How can the permission and access control vulnerability be exploited?
The vulnerability allows low-authority accounts to ignore the modification of file permission configuration.
Where can I find more information about CVE-2022-23139?
You can find more information about CVE-2022-23139 at the following link: [https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444](https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444).
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zte
- canonical/zte zxmp m721 firmware
- version/zte zxmp m721 firmware/5.10.030.006
- canonical/zte zxmp m721