First published: Fri Sep 23 2022(Updated: )
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
Credit: psirt@zte.com.cn
Affected Software | Affected Version | How to fix |
---|---|---|
Zte Zxa10 B76hv3 Firmware | <=2.01.02.01 | |
Zte Zxa10 B76hv3 | ||
Zte Zxa10 B766v2 Firmware | <=2.01.02.01 | |
Zte Zxa10 B766v2 | ||
Zte Zxa10 B800v2 Firmware | <=2.01.02.01 | |
Zte Zxa10 B800v2 | ||
Zte Zxa10 B860av2.1 Firmware | <=2.01.02.01 | |
Zte Zxa10 B860av2.1 | ||
Zte Zxa10 B860h Firmware | <=2.01.02.01 | |
Zte Zxa10 B860h | ||
Zte Zxa10 B866v2-h Firmware | <=2.01.02.01 | |
Zte Zxa10 B866v2-h | ||
Zte Zxa10 B866v5-w10 Firmware | <=2.01.02.01 | |
Zte Zxa10 B866v5-w10 | ||
Zte Zxa10 B960gv1 Firmware | <=2.01.02.01 | |
Zte Zxa10 B960gv1 | ||
Zte Zxa10 B710c-a12 Firmware | <=2.01.02.01 | |
Zte Zxa10 B710c-a12 | ||
Zte Zxa10 B710s2-a19 Firmware | <=2.01.02.01 | |
Zte Zxa10 B710s2-a19 | ||
Zte Zxa10 B836ct-a15 Firmware | <=2.01.02.01 | |
Zte Zxa10 B836ct-a15 | ||
Zte Zxa10 S100v Firmware | <=2.01.02.01 | |
Zte Zxa10 S100v | ||
Zte Zxa10 S200a Firmware | <=2.01.02.01 | |
Zte Zxa10 S200a | ||
Zte Zxa10 S200t Firmware | <=2.01.02.01 | |
Zte Zxa10 S200t | ||
Zte Zxa10 B700v7 Firmware | <=2.01.02.01 | |
Zte Zxa10 B700v7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-23144 is a broken access control vulnerability in ZTE ZXvSTB product, which allows attackers to delete the default application type and affect the normal use of the system.
CVE-2022-23144 affects ZTE ZXvSTB product by allowing attackers to delete the default application type, impacting the normal use of the system.
The severity of CVE-2022-23144 is critical with a severity value of 9.1.
To fix CVE-2022-23144, it is recommended to apply the necessary security patches or updates provided by ZTE.
You can find more information about CVE-2022-23144 on the ZTE support website at [link](https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224).