CVE-2012-2949

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application.

El programa sync_agent ZTE para Android v2.3.4 en el dispositivo Score M utiliza una contraseña codificada ztex1609523 para controlar el acceso a los comandos, permitiendo a atacantes remotos ganar privilegios a través de una aplicación manipulada.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-05-29 CVE Reserved
2012-05-29 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (3)

URL	Tag	Source
http://blog.mylookout.com/blog/2012/05/21/zte-security-vulnerability	X_refsource_misc
http://www.pcmag.com/article2/0%2C2817%2C2404639%2C00.asp	X_refsource_misc
http://www.reuters.com/article/2012/05/18/us-zte-phone-idUSBRE84H08J20120518	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zte Search vendor "Zte"	Score M Search vendor "Zte" for product "Score M"	-	-	Affected	in	Google Search vendor "Google"	Android Search vendor "Google" for product "Android"	2.3.4 Search vendor "Google" for product "Android" and version "2.3.4"	-	Safe