| |
Vulnerability CVE-2018-7364
Published: 2018-12-07
| Description: |
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges. |
Type:
CWE-284 (Improper Access Control)
CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
10/10 |
10/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
