CVE-2022-23144 — CRITICAL (9.1)

Q: How severe is CVE-2022-23144?

CVE-2022-23144 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-23144?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxa10 B76Hv3 Firmware, Zte Zxa10 B76Hv3, Zte Zxa10 B766V2 Firmware, Zte Zxa10 B766V2, Zte Zxa10 B800V2 Firmware.

Vulnerability Description

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zte	Zxa10 B76Hv3 Firmware	<= 2.01.02.01
Zte	Zxa10 B76Hv3	-
Zte	Zxa10 B766V2 Firmware	<= 2.01.02.01
Zte	Zxa10 B766V2	-
Zte	Zxa10 B800V2 Firmware	<= 2.01.02.01
Zte	Zxa10 B800V2	-
Zte	Zxa10 B860Av2.1 Firmware	<= 2.01.02.01
Zte	Zxa10 B860Av2.1	-
Zte	Zxa10 B860H Firmware	<= 2.01.02.01
Zte	Zxa10 B860H	-
Zte	Zxa10 B866V2-H Firmware	<= 2.01.02.01
Zte	Zxa10 B866V2-H	-
Zte	Zxa10 B866V5-W10 Firmware	<= 2.01.02.01
Zte	Zxa10 B866V5-W10	-
Zte	Zxa10 B960Gv1 Firmware	<= 2.01.02.01
Zte	Zxa10 B960Gv1	-
Zte	Zxa10 B710C-A12 Firmware	<= 2.01.02.01
Zte	Zxa10 B710C-A12	-
Zte	Zxa10 B710S2-A19 Firmware	<= 2.01.02.01
Zte	Zxa10 B710S2-A19	-

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224Vendor Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224Vendor Advisory

FAQ

What is CVE-2022-23144?

CVE-2022-23144 is a vulnerability with a CVSS score of 9.1 (CRITICAL). There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects n...

How severe is CVE-2022-23144?

CVE-2022-23144 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-23144?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxa10 B76Hv3 Firmware, Zte Zxa10 B76Hv3, Zte Zxa10 B766V2 Firmware, Zte Zxa10 B766V2, Zte Zxa10 B800V2 Firmware.