Sign-up

ID

VAR-201205-0159


CVE

CVE-2012-2949


TITLE

ZTE Score M On the device Android for ZTE sync_agent Vulnerability gained in the program

Trust: 0.8

sources: JVNDB: JVNDB-2012-002572

DESCRIPTION

The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application. ZTE Score M is an Android smartphone. ZTE Score M is prone to a security-bypass vulnerability caused by a hard-coded password. An attacker can exploit this issue by enticing an unsuspecting victim to install a malicious application on the device. Successful attacks can allow a remote attacker to gain unauthorized root access to the vulnerable device. The vulnerability stems from the use of a hardcoded ztex1609523 password to control access to commands

Trust: 2.52

sources: NVD: CVE-2012-2949 // JVNDB: JVNDB-2012-002572 // CNVD: CNVD-2012-3010 // BID: 54079 // VULHUB: VHN-56230

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-3010

AFFECTED PRODUCTS

vendor:ztemodel:score mscope:eqversion: -

Trust: 1.0

vendor:ztemodel:score mscope:eqversion:2.3.4

Trust: 0.8

vendor:ztemodel:score mscope: - version: -

Trust: 0.6

vendor:googlemodel:androidscope:eqversion:2.3.4

Trust: 0.6

sources: CNVD: CNVD-2012-3010 // JVNDB: JVNDB-2012-002572 // CNNVD: CNNVD-201205-518 // NVD: CVE-2012-2949

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2949
value: HIGH

Trust: 1.0

NVD: CVE-2012-2949
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201205-518
value: CRITICAL

Trust: 0.6

VULHUB: VHN-56230
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-2949
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-56230
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-56230 // JVNDB: JVNDB-2012-002572 // CNNVD: CNNVD-201205-518 // NVD: CVE-2012-2949

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-56230 // JVNDB: JVNDB-2012-002572 // NVD: CVE-2012-2949

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-518

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201205-518

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-002572

PATCH
title:ZTE Score Murl:http://www.metropcs.com/metro/detail/ZTE+Score%E2%84%A2+M/ZTEX500M
Trust: 0.8
title:Top Pageurl:http://wwwen.zte.com.cn
Trust: 0.8
title:ZTE Score M mobile hard coded vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/17678
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-3010 // 
            
            
            
            JVNDB: JVNDB-2012-002572

EXTERNAL IDS
db:NVDid:CVE-2012-2949
Trust: 3.4
db:JVNDBid:JVNDB-2012-002572
Trust: 0.8
db:CNNVDid:CNNVD-201205-518
Trust: 0.7
db:CNVDid:CNVD-2012-3010
Trust: 0.6
db:NSFOCUSid:19858
Trust: 0.6
db:BIDid:54079
Trust: 0.4
db:VULHUBid:VHN-56230
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-3010 // 
            
            
            
            VULHUB: VHN-56230 // 
            
            
            
            BID: 54079 // 
            
            
            
            JVNDB: JVNDB-2012-002572 // 
            
            
            
            CNNVD: CNNVD-201205-518 // 
            
            
            
            NVD: CVE-2012-2949

REFERENCES
url:http://www.reuters.com/article/2012/05/18/us-zte-phone-idusbre84h08j20120518
Trust: 2.5
url:http://blog.mylookout.com/blog/2012/05/21/zte-security-vulnerability
Trust: 1.7
url:http://www.pcmag.com/article2/0,2817,2404639,00.asp
Trust: 1.5
url:http://www.pcmag.com/article2/0%2c2817%2c2404639%2c00.asp
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2949
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2949
Trust: 0.8
url:http://blog.mylookout.com/blog/2012/05/21/zte-security-vulnerability/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/19858
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-3010 // 
            
            
            
            VULHUB: VHN-56230 // 
            
            
            
            JVNDB: JVNDB-2012-002572 // 
            
            
            
            CNNVD: CNNVD-201205-518 // 
            
            
            
            NVD: CVE-2012-2949

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 54079

SOURCES
db:CNVDid:CNVD-2012-3010
db:VULHUBid:VHN-56230
db:BIDid:54079
db:JVNDBid:JVNDB-2012-002572
db:CNNVDid:CNNVD-201205-518
db:NVDid:CVE-2012-2949

LAST UPDATE DATE
2025-04-11T23:12:08.026000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-3010date:2012-06-05T00:00:00
db:VULHUBid:VHN-56230date:2012-05-30T00:00:00
db:BIDid:54079date:2015-03-19T08:12:00
db:JVNDBid:JVNDB-2012-002572date:2012-05-31T00:00:00
db:CNNVDid:CNNVD-201205-518date:2012-05-30T00:00:00
db:NVDid:CVE-2012-2949date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2012-3010date:2012-06-05T00:00:00
db:VULHUBid:VHN-56230date:2012-05-29T00:00:00
db:BIDid:54079date:2012-06-19T00:00:00
db:JVNDBid:JVNDB-2012-002572date:2012-05-31T00:00:00
db:CNNVDid:CNNVD-201205-518date:2012-05-30T00:00:00
db:NVDid:CVE-2012-2949date:2012-05-29T19:55:01.650