CVE-2022-23144

Description

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.

Related CPE's

oztezxa10_b76hv3_firmware********

hztezxa10_b76hv3-*******

oztezxa10_b766v2_firmware********

hztezxa10_b766v2-*******

oztezxa10_b800v2_firmware********

hztezxa10_b800v2-*******

oztezxa10_b860av2.1_firmware********

hztezxa10_b860av2.1-*******

oztezxa10_b860h_firmware********

hztezxa10_b860h-*******

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io