Advisory Published
Updated

CVE-2022-23144

First published: Fri Sep 23 2022(Updated: )

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.

Credit: psirt@zte.com.cn

Affected SoftwareAffected VersionHow to fix
Zte Zxa10 B76hv3 Firmware<=2.01.02.01
Zte Zxa10 B76hv3
Zte Zxa10 B766v2 Firmware<=2.01.02.01
Zte Zxa10 B766v2
Zte Zxa10 B800v2 Firmware<=2.01.02.01
Zte Zxa10 B800v2
Zte Zxa10 B860av2.1 Firmware<=2.01.02.01
Zte Zxa10 B860av2.1
Zte Zxa10 B860h Firmware<=2.01.02.01
Zte Zxa10 B860h
Zte Zxa10 B866v2-h Firmware<=2.01.02.01
Zte Zxa10 B866v2-h
Zte Zxa10 B866v5-w10 Firmware<=2.01.02.01
Zte Zxa10 B866v5-w10
Zte Zxa10 B960gv1 Firmware<=2.01.02.01
Zte Zxa10 B960gv1
Zte Zxa10 B710c-a12 Firmware<=2.01.02.01
Zte Zxa10 B710c-a12
Zte Zxa10 B710s2-a19 Firmware<=2.01.02.01
Zte Zxa10 B710s2-a19
Zte Zxa10 B836ct-a15 Firmware<=2.01.02.01
Zte Zxa10 B836ct-a15
Zte Zxa10 S100v Firmware<=2.01.02.01
Zte Zxa10 S100v
Zte Zxa10 S200a Firmware<=2.01.02.01
Zte Zxa10 S200a
Zte Zxa10 S200t Firmware<=2.01.02.01
Zte Zxa10 S200t
Zte Zxa10 B700v7 Firmware<=2.01.02.01
Zte Zxa10 B700v7

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2022-23144?

    CVE-2022-23144 is a broken access control vulnerability in ZTE ZXvSTB product, which allows attackers to delete the default application type and affect the normal use of the system.

  • How does CVE-2022-23144 affect ZTE ZXvSTB product?

    CVE-2022-23144 affects ZTE ZXvSTB product by allowing attackers to delete the default application type, impacting the normal use of the system.

  • What is the severity of CVE-2022-23144?

    The severity of CVE-2022-23144 is critical with a severity value of 9.1.

  • How can I fix CVE-2022-23144?

    To fix CVE-2022-23144, it is recommended to apply the necessary security patches or updates provided by ZTE.

  • Where can I find more information about CVE-2022-23144?

    You can find more information about CVE-2022-23144 on the ZTE support website at [link](https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203