Vulnerability Description
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zte | Zxin10 | < resv1.01.44 |
Related Weaknesses (CWE)
References
- http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943Vendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-ExploitThird Party Advisory
- https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943Vendor Advisory
- http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943Vendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-ExploitThird Party Advisory
- https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943Vendor Advisory
FAQ
What is CVE-2018-7364?
CVE-2018-7364 is a vulnerability with a CVSS score of 9.8 (CRITICAL). All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorize...
How severe is CVE-2018-7364?
CVE-2018-7364 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7364?
Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxin10.