CVE-2022-23144
high-risk
Published 2022-09-23
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
Do I need to act?
-
0.39% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10
Critical
NETWORK
/ LOW complexity
Affected Products (15)
Zxa10 B76Hv3 Firmware
Zxa10 B766V2 Firmware
Zxa10 B800V2 Firmware
Zxa10 B860Av2.1 Firmware
Zxa10 B860H Firmware
Zxa10 B866V2-H Firmware
Zxa10 B866V5-W10 Firmware
Zxa10 B960Gv1 Firmware
Zxa10 B710C-A12 Firmware
Zxa10 B710S2-A19 Firmware
Zxa10 B836Ct-A15 Firmware
Zxa10 S100V Firmware
Zxa10 S200A Firmware
Zxa10 S200T Firmware
Zxa10 B700V7 Firmware
Affected Vendors
References (2)
50
/ 100
high-risk
Severity
31/34 · Critical
Exploitability
1/34 · Minimal
Exposure
18/34 · Moderate