{"containers": {"cna": {"affected": [{"product": "ZXMP M721", "vendor": "n/a", "versions": [{"status": "affected", "version": "COMMOND21BOOTV100004_LS1045"}]}], "descriptions": [{"lang": "en", "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "information leak", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-15T14:44:50", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@zte.com.cn", "ID": "CVE-2022-23141", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ZXMP M721", "version": {"version_data": [{"version_value": "COMMOND21BOOTV100004_LS1045"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information leak"}]}]}, "references": {"reference_data": [{"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264", "refsource": "MISC", "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"}]}}}}, "cveMetadata": {"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2022-23141", "datePublished": "2022-07-15T14:44:50", "dateReserved": "2022-01-11T00:00:00", "dateUpdated": "2022-07-15T14:44:50", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxmp_m721_firmware:commond21bootv100004_ls1045:*:*:*:*:*:*:*", "matchCriteriaId": "DB41C198-1156-4112-96C5-AC9B1026B46B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxmp_m721:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEC586E9-E8FA-4988-8CD0-334A1F73BC61", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."}, {"lang": "es", "value": "ZXMP M721 presenta una vulnerabilidad de filtrado de informaci\u00f3n. Dado que la autenticaci\u00f3n del puerto serie en la interfaz ZBOOT no es efectiva aunque est\u00e9 habilitada, un atacante podr\u00eda usar esta vulnerabilidad para iniciar sesi\u00f3n en el dispositivo y obtener informaci\u00f3n confidencial"}], "id": "CVE-2022-23141", "lastModified": "2022-07-22T16:24:27.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-15T15:15:08.097", "references": [{"source": "psirt@zte.com.cn", "tags": ["Vendor Advisory"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}