CVE-2024-22067: ZTE NH8091 product has an improper permission control vulnerability
First published: Mon Nov 18 2024(Updated: )
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands.
Credit: psirt@zte.com.cn
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Zte Nh8091 Firmware | =znh8091v1.8 | |
| ZTE NH8091 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-22067?
CVE-2024-22067 is classified as a high-severity vulnerability due to its potential for allowing arbitrary command execution.
How do I fix CVE-2024-22067?
To fix CVE-2024-22067, update the ZTE NH8091 firmware to the latest version that addresses this improper permission control issue.
Who is affected by CVE-2024-22067?
The ZTE NH8091 devices running firmware version znh8091v1.8 are affected by CVE-2024-22067.
What can an attacker do with CVE-2024-22067?
An authenticated attacker can exploit CVE-2024-22067 to execute arbitrary commands on the affected ZTE NH8091 device.
Is authentication required to exploit CVE-2024-22067?
Yes, an attacker must be authenticated to exploit the improper permission control vulnerability in CVE-2024-22067.
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/source
- vendor/zte
- canonical/zte nh8091 firmware
- version/zte nh8091 firmware/znh8091v1.8
- canonical/zte nh8091