PT-2018-18053 · Zte · Zte Zxv10 B860Av2.1
Published
2018-12-28
·
Updated
2019-10-09
·
CVE-2018-7366
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3
ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the BESTV versions up to V1.2.2
ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the WASU versions up to V1.1.7
ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the MGTV versions up to V1.4.6
Description
The issue is related to an authentication bypass, which may allow an unauthorized user to perform unauthorized operations.
Recommendations
For ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, update to a version later than V1.3.3.
For ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the BESTV versions up to V1.2.2, update to a version later than V1.2.2.
For ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the WASU versions up to V1.1.7, update to a version later than V1.1.7.
For ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the MGTV versions up to V1.4.6, update to a version later than V1.4.6.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zte Zxv10 B860Av2.1