{"containers": {"cna": {"affected": [{"product": "ZXvSTB", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions up to ZXvSTB-CAMSV2.01.02.01"}]}], "descriptions": [{"lang": "en", "value": "There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system."}], "problemTypes": [{"descriptions": [{"description": "access control vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-23T14:11:59", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@zte.com.cn", "ID": "CVE-2022-23144", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ZXvSTB", "version": {"version_data": [{"version_value": "All versions up to ZXvSTB-CAMSV2.01.02.01"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "access control vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224", "refsource": "MISC", "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224"}]}}}}, "cveMetadata": {"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2022-23144", "datePublished": "2022-09-23T14:11:59", "dateReserved": "2022-01-11T00:00:00", "dateUpdated": "2022-09-23T14:11:59", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b76hv3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB8ADD9F-4B16-4440-AEEC-763365BB7285", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b76hv3:-:*:*:*:*:*:*:*", "matchCriteriaId": "B341B3D2-9D8E-4920-B766-8B62FCA39830", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b766v2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "70719499-CFC5-4E37-BD1F-257B30274A43", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b766v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "6EB77DA4-4579-4B07-B9D2-A7968A36C86E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b800v2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A11533C-0675-4C13-98A9-FF7E0205230D", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b800v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC97D0BF-385E-465E-B123-3DAD8990424C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b860av2.1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D79EC4AD-7E6D-46BB-96A5-70D087B29BEE", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b860av2.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC22B664-CC69-49C7-9B19-BDA36BDEB5BF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b860h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "146B2AFC-B4A8-48D3-B036-55D0130736F5", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b860h:-:*:*:*:*:*:*:*", "matchCriteriaId": "05F076F3-C30E-4D98-8FC2-D6AE83068E51", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b866v2-h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E743BF1-85E4-485E-97FE-AD882AE3701E", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b866v2-h:-:*:*:*:*:*:*:*", "matchCriteriaId": "6281D861-1C83-42B2-B715-700AC045A9D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b866v5-w10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "40CFE7A9-37F3-496C-816B-B92DB455FDFC", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b866v5-w10:-:*:*:*:*:*:*:*", "matchCriteriaId": "C49BCB3D-49EF-4C9A-BE5B-D5F754943071", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b960gv1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC1F9FAF-408E-4923-BC28-8D559EF02E71", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b960gv1:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A078214-97A8-4CA1-BCC2-2F27F9699A72", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b710c-a12_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "548B39A3-1ED0-4C9A-9E21-1AAF061B2F10", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b710c-a12:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB4A9406-40E1-4012-9C63-F27427A81B8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b710s2-a19_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "16BAE4B6-2D36-4A62-9295-A21C93952820", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b710s2-a19:-:*:*:*:*:*:*:*", "matchCriteriaId": "9055C616-12CE-471C-A1F5-88324BD2000A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b836ct-a15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "62288204-DA37-49B3-A0F2-8D356A7175D4", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b836ct-a15:-:*:*:*:*:*:*:*", "matchCriteriaId": "7093877F-010E-415F-8C47-514882DA96A4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_s100v_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D3BD3DD-A4D7-444B-9989-5301F9C5BDCF", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_s100v:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7C845AE-B97A-4104-A6CA-77720AA01C64", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_s200a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "984F6995-C9A7-49A3-8518-3D0BF5E6F41A", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_s200a:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFBA0AB5-AF7A-427E-A303-37080D5E3E0B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_s200t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B85BB5E-9130-4C5A-86AB-A0B51B4B0155", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_s200t:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EBF8079-7519-4E88-9621-35009096FF49", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b700v7_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC12D0A2-ACEB-4874-A6CC-A0F741840BAC", "versionEndIncluding": "2.01.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b700v7:-:*:*:*:*:*:*:*", "matchCriteriaId": "08919C9A-99E0-47CF-A51B-BFE842958469", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system."}, {"lang": "es", "value": "Existe una vulnerabilidad de control de acceso rota en el producto ZTE ZXvSTB. Debido a un control de permisos inadecuado, los atacantes podr\u00edan utilizar esta vulnerabilidad para eliminar el tipo de aplicaci\u00f3n por defecto, lo que afecta al uso normal del sistema"}], "id": "CVE-2022-23144", "lastModified": "2023-08-08T14:21:49.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-23T15:15:12.687", "references": [{"source": "psirt@zte.com.cn", "tags": ["Vendor Advisory"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}