What is CVE-2022-39071 about?

CVE-2022-39071 is an unauthorized access vulnerability in some ZTE mobile phones that allows a malicious application to overwrite system configuration files and user installers without user permission.

Which ZTE mobile phones are affected by CVE-2022-39071?

ZTE Blade A52, ZTE Blade A51, ZTE Blade A3 Lite, ZTE Blade A5 2020, ZTE Blade L210, ZTE Blade A7s, ZTE Blade A31, ZTE Blade A31 Plus, ZTE Blade A5 2019, ZTE Blade A71, ZTE Blade A72, ZTE Blade V20 Smart, ZTE Blade V30, ZTE Blade V30 Vita, ZTE V40 Pro, ZTE Blade V40 Vita, and ZTE Axon 40 Ultra are affected by CVE-2022-39071.

What is the severity of CVE-2022-39071?

CVE-2022-39071 has a severity rating of 7.1, which is classified as high.

How can I fix CVE-2022-39071?

To fix CVE-2022-39071, ZTE mobile phone users should install the latest firmware update provided by ZTE to patch the vulnerability.

Where can I find more information about CVE-2022-39071?

You can find more information about CVE-2022-39071 on the ZTE support website at https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664.

Vulnerability/
CVE-2022-39071

high

7.1

30/5/2023

13/1/2025

CVE-2022-39071

First published: Tue May 30 2023(Updated: )

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.

Credit: psirt@zte.com.cn psirt@zte.com.cn

Affected Software	Affected Version	How to fix
ZTE Blade A52 Firmware	<m02
ZTE Blade A52 Firmware
Zte Blade A51 Firmware	<m07
Zte Blade A51 Firmware
ZTE Blade A3 Lite	<m09
ZTE Blade A3 Lite Firmware
ZTE Blade A5 2020 Firmware	<m05
ZTE Blade A5 2020 Firmware
ZTE Blade L210 Firmware	<1.14
ZTE Blade L210 Firmware
ZTE Blade A7s Firmware	<2.2
ZTE Blade A7s Firmware
ZTE Blade A31 Plus	<m03
ZTE Blade A31 Firmware
ZTE Blade A31 Plus Firmware	<m04
ZTE Blade A31 Plus Firmware
ZTE Blade A5 2019	<m13
ZTE Blade A5 2019
ZTE Blade A71	<2.4
ZTE Blade A71 Firmware
ZTE Blade A72 Firmware	<11.0.3
ZTE Blade A72 Firmware
Zte Blade V20 Smart	<1.14
ZTE Blade V20 Smart Firmware
ZTE Blade V30 Firmware	<1.11
ZTE Blade V30 Firmware
ZTE Blade V30 Vita	<1.11
ZTE Blade V30 Vita Firmware
Zte V40 Pro	<11.0.4_9046
ZTE V40 Pro
ZTE Blade V40 Vita	<11.0.2_8045
ZTE Blade V40 Vita Firmware
ZTE Axon 40 Ultra	<1.0.0b26
ZTE Axon 40 Ultra Firmware
All of
ZTE Blade A52 Firmware	<m02
ZTE Blade A52 Firmware
All of
ZTE Blade A51 Firmware	<m07
ZTE Blade A51 Firmware
All of
ZTE Blade A3 Lite	<m09
ZTE Blade A3 Lite Firmware
All of
ZTE Blade A5 2020 Firmware	<m05
ZTE Blade A5 2020 Firmware
All of
ZTE Blade L210 Firmware	<1.14
ZTE Blade L210 Firmware
All of
ZTE Blade A7s Firmware	<2.2
ZTE Blade A7s Firmware
All of
ZTE Blade A31 Plus	<m03
ZTE Blade A31 Firmware
All of
ZTE Blade A31 Plus Firmware	<m04
ZTE Blade A31 Plus Firmware
All of
ZTE Blade A5 2019	<m13
ZTE Blade A5 2019
All of
ZTE Blade A71	<2.4
ZTE Blade A71 Firmware
All of
ZTE Blade A72 Firmware	<11.0.3
ZTE Blade A72 Firmware
All of
Zte Blade V20 Smart	<1.14
ZTE Blade V20 Smart Firmware
All of
ZTE Blade V30 Firmware	<1.11
ZTE Blade V30 Firmware
All of
ZTE Blade V30 Vita	<1.11
ZTE Blade V30 Vita Firmware
All of
Zte V40 Pro	<11.0.4_9046
ZTE V40 Pro
All of
ZTE Blade V40 Vita	<11.0.2_8045
ZTE Blade V40 Vita Firmware
All of
ZTE Axon 40 Ultra	<1.0.0b26
ZTE Axon 40 Ultra Firmware

Never miss a vulnerability like this again

Reference Links

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664

Frequently Asked Questions

What is CVE-2022-39071 about?
CVE-2022-39071 is an unauthorized access vulnerability in some ZTE mobile phones that allows a malicious application to overwrite system configuration files and user installers without user permission.
Which ZTE mobile phones are affected by CVE-2022-39071?
ZTE Blade A52, ZTE Blade A51, ZTE Blade A3 Lite, ZTE Blade A5 2020, ZTE Blade L210, ZTE Blade A7s, ZTE Blade A31, ZTE Blade A31 Plus, ZTE Blade A5 2019, ZTE Blade A71, ZTE Blade A72, ZTE Blade V20 Smart, ZTE Blade V30, ZTE Blade V30 Vita, ZTE V40 Pro, ZTE Blade V40 Vita, and ZTE Axon 40 Ultra are affected by CVE-2022-39071.
What is the severity of CVE-2022-39071?
CVE-2022-39071 has a severity rating of 7.1, which is classified as high.
How can I fix CVE-2022-39071?
To fix CVE-2022-39071, ZTE mobile phone users should install the latest firmware update provided by ZTE to patch the vulnerability.
Where can I find more information about CVE-2022-39071?
You can find more information about CVE-2022-39071 on the ZTE support website at https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664.