PT-2024-19178 · Zte · Zxun-Epdg

Published: 2024-05-10 · Updated: 2024-07-31 · CVE-2024-22064

CVSS v3.1: 8.3 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions: ZTE ZXUN-ePDG product versions up to 5.20.19

Description: The ZTE ZXUN-ePDG product, which serves as the network node of the VoWiFi system, uses a set of non-unique cryptographic keys in its default configuration when establishing a secure connection with mobile devices. If the set of keys is leaked or cracked, user session information may be compromised.

Recommendations: For ZTE ZXUN-ePDG product versions up to 5.20.19, patch the system immediately to prevent potential compromise. As a temporary workaround, consider auditing network access to minimize the risk of exploitation, and restrict access to the system until a patch is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Initialization

Related Identifiers: CVE-2024-22064

Affected Products: Zxun-Epdg