Vulnerability CVE-2017-10931


Published: 2017-09-19

Description:
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
ZTE -> Zxr10 1800-2s firmware 

 References:
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262

Copyright 2024, cxsecurity.com

 

Back to Top