Vulnerability Description
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zte | Zxa10 C350M Firmware | >= 2.1.0, < 2.1.0xgp002.4 |
| Zte | Zxa10 C350M | - |
| Zte | Zxa10 C300M Firmware | >= 2.1.0, < 2.1.0xgp002.4 |
| Zte | Zxa10 C300M | - |
Related Weaknesses (CWE)
References
- https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824Vendor Advisory
- https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824Vendor Advisory
FAQ
What is CVE-2022-39070?
CVE-2022-39070 is a vulnerability with a CVSS score of 9.8 (CRITICAL). There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any ope...
How severe is CVE-2022-39070?
CVE-2022-39070 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-39070?
Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxa10 C350M Firmware, Zte Zxa10 C350M, Zte Zxa10 C300M Firmware, Zte Zxa10 C300M.