All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.
References
Link | Resource |
---|---|
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: zte
Published: 2018-11-16T15:00:00
Updated: 2018-11-16T14:57:01
Reserved: 2018-02-22T00:00:00
Link: CVE-2018-7363
JSON object: View
NVD Information
Status : Modified
Published: 2018-11-16T15:29:00.517
Modified: 2019-10-09T23:42:16.410
Link: CVE-2018-7363
JSON object: View
Redhat Information
No data.
CWE