CVE-2024-22069

Summary

There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.

Affected Software

VendorProductVersion RangeStatus
ZTEZXV10 XT802All versions up to V2.24.10P1 < V2.24.10P1affected
ZTEZXV10 ET301All versions up to V3.22.11P3 < V3.22.11P3affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References