CVE-2018-7358

high-risk

Published 2018-11-14

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.

Do I need to act?

28.6% chance of exploitation in next 30 days

EPSS score — higher than 71% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

45972

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (4)

Zxhn H168N Firmware

Affected Vendors

Zte

References (6)

Vendor Advisory http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523

Third Party Advisory http://www.securityfocus.com/bid/105963

Exploit https://www.exploit-db.com/exploits/45972/

Vendor Advisory http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523

Third Party Advisory http://www.securityfocus.com/bid/105963

Exploit https://www.exploit-db.com/exploits/45972/

/ 100

high-risk

Severity 21/34 · High

Exploitability 22/34 · High

Exposure 10/34 · Low