CVE-2022-39071 - OpenCVE

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Zte	Blade V30 Vita Blade V20 Smart Firmware Blade A5 2020 Firmware Blade V30 Firmware Blade A31 Plus Firmware Blade V40 Vita Blade L210 Blade V20 Smart V40 Pro Firmware Blade A7s Blade A72 Firmware Blade A3 Lite Blade A52 Blade A5 2020 Blade A5 2019 Blade A31 Firmware Blade A31 Plus Axon 40 Ultra Firmware Blade A72 Blade A5 2019 Firmware Blade A71 Firmware Blade A71 Blade V30 Vita Firmware Blade A52 Firmware Axon 40 Ultra Blade V40 Vita Firmware Blade A51 Blade A31 Blade L210 Firmware Blade A7s Firmware Blade A3 Lite Firmware V40 Pro Blade V30 Blade A51 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a52:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a51:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a3_lite:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a5_2020:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_l210:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a7s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a31:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a31_plus:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a5_2019:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a71:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a72:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_v20_smart:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_v30:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_v30_vita:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:v40_pro:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_v40_vita:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:axon_40_ultra:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: zte

Published: 2023-05-30T00:00:00

Updated: 2023-05-30T00:00:00

Reserved: 2022-08-31T00:00:00

Link: CVE-2022-39071

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-05-30T23:15:09.273

Modified: 2023-06-07T14:40:35.163

Link: CVE-2022-39071

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other