CVE-2019-3428
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage.
La versión V6.01.03.01 del producto ZTE ZXCDN IAMWEB se ve afectada por una vulnerabilidad de error de configuración. Un atacante podría acceder directamente al portal de administración en HTTP, lo que provocaría una fuga de información de los usuarios.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-31 CVE Reserved
- 2019-11-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011863 | 2022-03-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zte Search vendor "Zte" | Zxcdn Iamweb Firmware Search vendor "Zte" for product "Zxcdn Iamweb Firmware" | 6.01.03.01 Search vendor "Zte" for product "Zxcdn Iamweb Firmware" and version "6.01.03.01" | - |
Affected
| in | Zte Search vendor "Zte" | Zxcdn Iamweb Search vendor "Zte" for product "Zxcdn Iamweb" | - | - |
Safe
|