Vulnerability Description
There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zte | Zxhn F677 Firmware | < 9.0.0p1n29 |
| Zte | Zxhn F677 | - |
| Zte | Zxhn F477 Firmware | < 9.0.0p1n29 |
| Zte | Zxhn F477 | - |
Related Weaknesses (CWE)
References
- https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1023444Vendor Advisory
- https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1023444Vendor Advisory
FAQ
What is CVE-2022-23135?
CVE-2022-23135 is a vulnerability with a CVSS score of 6.5 (MEDIUM). There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify...
How severe is CVE-2022-23135?
CVE-2022-23135 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23135?
Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxhn F677 Firmware, Zte Zxhn F677, Zte Zxhn F477 Firmware, Zte Zxhn F477.