Details of VAR-201505-0472

ID

VAR-201505-0472

TITLE

ZTE AC3633R Authentication Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2015-03407

DESCRIPTION

ZTE AC3633R is a wireless modem product of China ZTE Corporation. An authentication bypass vulnerability and remote code execution vulnerability exist in ZTE AC3633R. An attacker could use these vulnerabilities to gain unauthorized access to an affected device and execute arbitrary code in the context of the affected device. It may also cause a denial of service. Failed exploit attempts may result in a denial-of-service condition

Trust: 1.89

sources: CNVD: CNVD-2015-03407 // CNVD: CNVD-2015-03408 // CNNVD: CNNVD-201505-436 // BID: 74734

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2015-03407 // CNVD: CNVD-2015-03408

AFFECTED PRODUCTS

vendor:

zte

model:

ac3633r

scope:

version:

Trust: 1.2

sources: CNVD: CNVD-2015-03407 // CNVD: CNVD-2015-03408

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2015-03407
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2015-03408
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2015-03407
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2015-03408
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-03407 // CNVD: CNVD-2015-03408

THREAT TYPE

remote ※ local

Trust: 0.6

sources: CNNVD: CNNVD-201505-436

TYPE

Design Error

Trust: 0.3

sources: BID: 74734

EXTERNAL IDS

db:	BID	id:	74734	Trust: 2.1
db:	CNVD	id:	CNVD-2015-03407	Trust: 0.6
db:	CNVD	id:	CNVD-2015-03408	Trust: 0.6
db:	CNNVD	id:	CNNVD-201505-436	Trust: 0.6

sources: CNVD: CNVD-2015-03407 // CNVD: CNVD-2015-03408 // BID: 74734 // CNNVD: CNNVD-201505-436

REFERENCES

url:

http://www.securityfocus.com/bid/74734

Trust: 1.8

sources: CNVD: CNVD-2015-03407 // CNVD: CNVD-2015-03408 // CNNVD: CNNVD-201505-436

CREDITS

vishnu raju

Trust: 0.9

sources: BID: 74734 // CNNVD: CNNVD-201505-436

SOURCES

db:	CNVD	id:	CNVD-2015-03407
db:	CNVD	id:	CNVD-2015-03408
db:	BID	id:	74734
db:	CNNVD	id:	CNNVD-201505-436

LAST UPDATE DATE

2022-05-17T02:02:28.741000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03407	date:	2015-05-28T00:00:00
db:	CNVD	id:	CNVD-2015-03408	date:	2015-05-28T00:00:00
db:	BID	id:	74734	date:	2015-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201505-436	date:	2015-05-21T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03407	date:	2015-05-28T00:00:00
db:	CNVD	id:	CNVD-2015-03408	date:	2015-05-28T00:00:00
db:	BID	id:	74734	date:	2015-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201505-436	date:	2015-05-21T00:00:00