CVE-2022-23139 Information

Description

ZTE’s ZXMP M721 product has a permission and access control vulnerability. The folder permission shown over sftp is 666, which is inconsistent with the actual permission. Users can therefore easily overlook modifying the file permission configuration, so low-authority accounts could actually obtain higher operating permissions on key files.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
