CVE-2018-7364

critical

Description

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943

https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943

Details

Source: Mitre, NVD

Published: 2018-12-07

Updated: 2023-03-01

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical