ID

VAR-201709-0215


CVE

CVE-2017-10931


TITLE

ZXR10 1800-2S Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-008231

DESCRIPTION

The ZXR10 1800-2S before v3.00.40 does not correctly restrict the directory range from which WEB users can download files, so any file can be downloaded, causing information leaks such as the system configuration. ZXR10 1800-2S contains a path traversal vulnerability. Information may be obtained. ZTE ZXR10 1800-2S is a router made by China ZTE Corporation (ZTE). There is a security hole in ZTE ZXR10 1800-2S versions before 3.00.40.

Trust: 2.25

sources: NVD: CVE-2017-10931 // JVNDB: JVNDB-2017-008231 // CNVD: CNVD-2017-34594 // VULHUB: VHN-101303

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34594

AFFECTED PRODUCTS

vendor: zte, model: zxr10 1800-2s, scope: lt, version: 3.00.40

Trust: 1.8

vendor: zte, model: zxr10 3800-8, scope: lt, version: 3.00.40

Trust: 1.0

vendor: zte, model: zxr10 160, scope: lt, version: 3.00.40

Trust: 1.0

vendor: zte, model: zxr10 2800-4, scope: lt, version: 3.00.40

Trust: 1.0

vendor: zte, model: zxr10 1800-2s, scope: lt, version: v3.00.40

Trust: 0.6

vendor: zte, model: zxr10 1800-2s, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2017-34594 // JVNDB: JVNDB-2017-008231 // CNNVD: CNNVD-201709-932 // NVD: CVE-2017-10931

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10931
value: HIGH

Trust: 1.0

NVD: CVE-2017-10931
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-34594
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201709-932
value: MEDIUM

Trust: 0.6

VULHUB: VHN-101303
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10931
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34594
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-101303
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10931
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2017-10931
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-34594 // VULHUB: VHN-101303 // JVNDB: JVNDB-2017-008231 // CNNVD: CNNVD-201709-932 // NVD: CVE-2017-10931

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-101303 // JVNDB: JVNDB-2017-008231 // NVD: CVE-2017-10931

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-932

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201709-932

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008231

PATCH

title: Improper Access Control and Path Traversal Vulnerabilities in ZXR10 Next-Generation Access Router, url: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262

Trust: 0.8

title: ZTEZXR101800-2S Access Control Patch Vulnerability Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/106416

Trust: 0.6

title: ZTE ZXR10 1800-2S Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74997

Trust: 0.6

sources: CNVD: CNVD-2017-34594 // JVNDB: JVNDB-2017-008231 // CNNVD: CNNVD-201709-932

EXTERNAL IDS

db: NVD, id: CVE-2017-10931

Trust: 3.1

db: ZTE, id: 1008262

Trust: 2.3

db: JVNDB, id: JVNDB-2017-008231

Trust: 0.8

db: CNNVD, id: CNNVD-201709-932

Trust: 0.7

db: CNVD, id: CNVD-2017-34594

Trust: 0.6

db: SEEBUG, id: SSVID-96772

Trust: 0.1

db: VULHUB, id: VHN-101303

Trust: 0.1

sources: CNVD: CNVD-2017-34594 // VULHUB: VHN-101303 // JVNDB: JVNDB-2017-008231 // CNNVD: CNNVD-201709-932 // NVD: CVE-2017-10931

REFERENCES

url: http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1008262

Trust: 2.3

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10931

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-10931

Trust: 0.8

sources: CNVD: CNVD-2017-34594 // VULHUB: VHN-101303 // JVNDB: JVNDB-2017-008231 // CNNVD: CNNVD-201709-932 // NVD: CVE-2017-10931

SOURCES

db: CNVD, id: CNVD-2017-34594
db: VULHUB, id: VHN-101303
db: JVNDB, id: JVNDB-2017-008231
db: CNNVD, id: CNNVD-201709-932
db: NVD, id: CVE-2017-10931

LAST UPDATE DATE

2025-04-20T23:15:58.672000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-34594, date: 2017-11-20T00:00:00
db: VULHUB, id: VHN-101303, date: 2017-09-27T00:00:00
db: JVNDB, id: JVNDB-2017-008231, date: 2017-10-12T00:00:00
db: CNNVD, id: CNNVD-201709-932, date: 2017-09-25T00:00:00
db: NVD, id: CVE-2017-10931, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-34594, date: 2017-11-20T00:00:00
db: VULHUB, id: VHN-101303, date: 2017-09-19T00:00:00
db: JVNDB, id: JVNDB-2017-008231, date: 2017-10-12T00:00:00
db: CNNVD, id: CNNVD-201709-932, date: 2017-09-25T00:00:00
db: NVD, id: CVE-2017-10931, date: 2017-09-19T14:29:00.273