CVE-2022-23141
https://notcve.org/view.php?id=CVE-2022-23141
ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information. ZXMP M721 presenta una vulnerabilidad de filtrado de información. Dado que la autenticación del puerto serie en la interfaz ZBOOT no es efectiva aunque esté habilitada, un atacante podría usar esta vulnerabilidad para iniciar sesión en el dispositivo y obtener información confidencial • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-23139
https://notcve.org/view.php?id=CVE-2022-23139
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification? • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444 • CWE-863: Incorrect Authorization •
CVE-2019-3419
https://notcve.org/view.php?id=CVE-2019-3419
A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service. Se presenta una vulnerabilidad de seguridad en un puerto de administración en la versión M721V3.10P01B10_M2NCP del dispositivo ZXMP de ZTE. Un atacante podría explotar esta vulnerabilidad para construir un enlace en el dispositivo y enviar paquetes específicos para causar una denegación de servicio. • http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011542 •