CVE-2019-3420 - OpenCVE

All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Zte	Zxhn H108n Firmware Zxhn H108n

Configuration 1 [-]

AND

cpe:2.3:o:zte:zxhn_h108n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*

References

Link	Resource
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: zte

Published: 2019-11-13T22:29:36

Updated: 2020-02-27T16:56:35

Reserved: 2018-12-31T00:00:00

Link: CVE-2019-3420

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-11-13T23:15:11.637

Modified: 2022-03-31T18:12:11.517

Link: CVE-2019-3420

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxhn_h108n_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06D70B60-FAF2-4E29-B361-FD2A6A4B9FC5", "versionEndIncluding": "2.5.0_eg1t5_ted", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*", "matchCriteriaId": "6094FC9D-0E19-499B-8D3E-7C1BF5D7FEBD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations."}, {"lang": "es", "value": "Todas las versiones hasta V2.5.0_EG1T5_TED del producto ZTE ZXHN H108N se ven afectadas por una vulnerabilidad de fuga de informaci\u00f3n. Un atacante podr\u00eda explotar la vulnerabilidad para obtener informaci\u00f3n confidencial y realizar operaciones no autorizadas."}], "id": "CVE-2019-3420", "lastModified": "2022-03-31T18:12:11.517", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-13T23:15:11.637", "references": [{"source": "psirt@zte.com.cn", "tags": ["Vendor Advisory"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}