high
7.1
Advisory Published
Updated

CVE-2022-39071

First published: Tue May 30 2023(Updated: )

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.

Credit: psirt@zte.com.cn

Affected SoftwareAffected VersionHow to fix
Zte Blade A52 Firmware<m02
Zte Blade A52
Zte Blade A51 Firmware<m07
Zte Blade A51
Zte Blade A3 Lite Firmware<m09
Zte Blade A3 Lite
Zte Blade A5 2020 Firmware<m05
Zte Blade A5 2020
Zte Blade L210 Firmware<1.14
Zte Blade L210
Zte Blade A7s Firmware<2.2
Zte Blade A7s
Zte Blade A31 Firmware<m03
Zte Blade A31
Zte Blade A31 Plus Firmware<m04
Zte Blade A31 Plus
Zte Blade A5 2019 Firmware<m13
Zte Blade A5 2019
Zte Blade A71 Firmware<2.4
Zte Blade A71
Zte Blade A72 Firmware<11.0.3
Zte Blade A72
Zte Blade V20 Smart Firmware<1.14
Zte Blade V20 Smart
Zte Blade V30 Firmware<1.11
Zte Blade V30
Zte Blade V30 Vita Firmware<1.11
Zte Blade V30 Vita
Zte V40 Pro Firmware<11.0.4_9046
Zte V40 Pro
Zte Blade V40 Vita Firmware<11.0.2_8045
Zte Blade V40 Vita
Zte Axon 40 Ultra Firmware<1.0.0b26
Zte Axon 40 Ultra

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2022-39071 about?

    CVE-2022-39071 is an unauthorized access vulnerability in some ZTE mobile phones that allows a malicious application to overwrite system configuration files and user installers without user permission.

  • Which ZTE mobile phones are affected by CVE-2022-39071?

    ZTE Blade A52, ZTE Blade A51, ZTE Blade A3 Lite, ZTE Blade A5 2020, ZTE Blade L210, ZTE Blade A7s, ZTE Blade A31, ZTE Blade A31 Plus, ZTE Blade A5 2019, ZTE Blade A71, ZTE Blade A72, ZTE Blade V20 Smart, ZTE Blade V30, ZTE Blade V30 Vita, ZTE V40 Pro, ZTE Blade V40 Vita, and ZTE Axon 40 Ultra are affected by CVE-2022-39071.

  • What is the severity of CVE-2022-39071?

    CVE-2022-39071 has a severity rating of 7.1, which is classified as high.

  • How can I fix CVE-2022-39071?

    To fix CVE-2022-39071, ZTE mobile phone users should install the latest firmware update provided by ZTE to patch the vulnerability.

  • Where can I find more information about CVE-2022-39071?

    You can find more information about CVE-2022-39071 on the ZTE support website at https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203