PT-2023-14703 · Shenzhen Zhiboton Electronics · Zbt We1626 Router

Published

2023-03-03

Updated

2025-03-07

CVE-2022-45552

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Shenzhen Zhiboton Electronics ZBT WE1626 Router version 21.06.18

Description The issue allows attackers to obtain sensitive information via the SPI bus interface connected to the pinout of the NAND flash memory. This is due to an Insecure Permissions vulnerability.

Recommendations For Shenzhen Zhiboton Electronics ZBT WE1626 Router version 21.06.18, consider restricting access to the SPI bus interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2022-45552

Affected Products

Zbt We1626 Router

PT-2023-14703 · Shenzhen Zhiboton Electronics · Zbt We1626 Router

CVE-2022-45552

Weakness Enumeration

Related Identifiers

Affected Products

References · 8