CVE-2018-7366 — MEDIUM (4.3)

Q: How severe is CVE-2018-7366?

CVE-2018-7366 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-7366?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxv10 B860Av2.1 Chinamobile Firmware, Zte Zxv10 B860Av2.1 Chinamobile.

Vulnerability Description

ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations.

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Zte	Zxv10 B860Av2.1 Chinamobile Firmware	< icnt_v1.3.3
Zte	Zxv10 B860Av2.1 Chinamobile	-

Related Weaknesses (CWE)

CWE-863

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010023Vendor Advisory
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010023Vendor Advisory

FAQ

What is CVE-2018-7366?

CVE-2018-7366 is a vulnerability with a CVSS score of 4.3 (MEDIUM). ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentic...

How severe is CVE-2018-7366?

CVE-2018-7366 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-7366?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxv10 B860Av2.1 Chinamobile Firmware, Zte Zxv10 B860Av2.1 Chinamobile.