CVE-2018-7357

high-risk

Published 2018-11-14

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.

Do I need to act?

39.2% chance of exploitation in next 30 days

EPSS score — higher than 61% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

45972

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (4)

Zxhn H168N Firmware

Affected Vendors

Zte

References (4)

Vendor Advisory http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523

Exploit https://www.exploit-db.com/exploits/45972/

Vendor Advisory http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523

Exploit https://www.exploit-db.com/exploits/45972/

/ 100

high-risk

Severity 21/34 · High

Exploitability 24/34 · High

Exposure 10/34 · Low