CVE-2024-22068
Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router
Severity Score
6.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.
La vulnerabilidad de administraciĆ³n de privilegios incorrecta en las series ZTE ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 en 64 bits permite la omisiĆ³n de funcionalidad. Este problema afecta a las series ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160: V4.00.10 y anteriores.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-01-05 CVE Reserved
- 2024-10-10 CVE Published
- 2024-10-10 CVE Updated
- 2025-06-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
- CAPEC-554: Functionality Bypass
References (1)
| URL | Tag | Source |
|---|---|---|
| https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5359853646778130472 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zte Search vendor "Zte" | Zxr10 1800-2s Search vendor "Zte" for product "Zxr10 1800-2s" | * | - |
Affected
| ||||||
| Zte Search vendor "Zte" | Zxr10 160 Firmware Search vendor "Zte" for product "Zxr10 160 Firmware" | * | - |
Affected
| ||||||
| Zte Search vendor "Zte" | Zxr10 1800-2s Firmware Search vendor "Zte" for product "Zxr10 1800-2s Firmware" | * | - |
Affected
| ||||||
| Zte Search vendor "Zte" | Zxr10 2800-4 Firmware Search vendor "Zte" for product "Zxr10 2800-4 Firmware" | * | - |
Affected
| ||||||
| Zte Search vendor "Zte" | Zxr10 3800-8 Firmware Search vendor "Zte" for product "Zxr10 3800-8 Firmware" | * | - |
Affected
| ||||||