ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
References
Link | Resource |
---|---|
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: zte
Published: 2022-05-12T19:26:38
Updated: 2022-05-12T19:26:38
Reserved: 2022-01-11T00:00:00
Link: CVE-2022-23139
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-12T20:15:15.183
Modified: 2022-05-23T19:21:34.603
Link: CVE-2022-23139
JSON object: View
Redhat Information
No data.
CWE