Sign-up

ID

VAR-201710-0182


CVE

CVE-2017-10933


TITLE

ZTE ZXDT22 SF01 Path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-009523 // CNNVD: CNNVD-201710-679

DESCRIPTION

All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. ZTE ZXDT22 SF01 Contains a path traversal vulnerability.Information may be obtained. ZTEZXDT22SF01 is a DC power supply unit of China ZTE Corporation (ZTE). A directory traversal vulnerability exists in versions prior to ZTEZXDT22SF012.06.00.00. A remote attacker can exploit this vulnerability to read any file on the system

Trust: 2.25

sources: NVD: CVE-2017-10933 // JVNDB: JVNDB-2017-009523 // CNVD: CNVD-2017-32538 // VULHUB: VHN-101305

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32538

AFFECTED PRODUCTS

vendor:ztemodel:zxdt22 sf01scope:ltversion:2.06.00.00

Trust: 1.4

vendor:ztemodel:zxdt22 sf01scope:lteversion:v2.06.00.00

Trust: 1.0

vendor:ztemodel:zxdt22 sf01scope:eqversion:v2.06.00.00

Trust: 0.6

sources: CNVD: CNVD-2017-32538 // JVNDB: JVNDB-2017-009523 // CNNVD: CNNVD-201710-679 // NVD: CVE-2017-10933

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10933
value: HIGH

Trust: 1.0

NVD: CVE-2017-10933
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-32538
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201710-679
value: MEDIUM

Trust: 0.6

VULHUB: VHN-101305
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10933
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32538
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-101305
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10933
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-32538 // VULHUB: VHN-101305 // JVNDB: JVNDB-2017-009523 // CNNVD: CNNVD-201710-679 // NVD: CVE-2017-10933

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-101305 // JVNDB: JVNDB-2017-009523 // NVD: CVE-2017-10933

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-679

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201710-679

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009523

PATCH
title:Directory Traversal Vulnerability in ZTE ZXDT22 SF01 Producturl:http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008582
Trust: 0.8
title:ZTEZXDT22SF01 directory traversal vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/105299
Trust: 0.6
title:ZTE ZXDT22 SF01 Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75690
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-32538 // 
            
            
            
            JVNDB: JVNDB-2017-009523 // 
            
            
            
            CNNVD: CNNVD-201710-679

EXTERNAL IDS
db:NVDid:CVE-2017-10933
Trust: 3.1
db:ZTEid:1008582
Trust: 2.3
db:JVNDBid:JVNDB-2017-009523
Trust: 0.8
db:CNNVDid:CNNVD-201710-679
Trust: 0.7
db:CNVDid:CNVD-2017-32538
Trust: 0.6
db:VULHUBid:VHN-101305
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-32538 // 
            
            
            
            VULHUB: VHN-101305 // 
            
            
            
            JVNDB: JVNDB-2017-009523 // 
            
            
            
            CNNVD: CNNVD-201710-679 // 
            
            
            
            NVD: CVE-2017-10933

REFERENCES
url:http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1008582
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10933
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10933
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-32538 // 
            
            
            
            VULHUB: VHN-101305 // 
            
            
            
            JVNDB: JVNDB-2017-009523 // 
            
            
            
            CNNVD: CNNVD-201710-679 // 
            
            
            
            NVD: CVE-2017-10933

SOURCES
db:CNVDid:CNVD-2017-32538
db:VULHUBid:VHN-101305
db:JVNDBid:JVNDB-2017-009523
db:CNNVDid:CNNVD-201710-679
db:NVDid:CVE-2017-10933

LAST UPDATE DATE
2025-04-20T23:29:33.556000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-32538date:2017-11-02T00:00:00
db:VULHUBid:VHN-101305date:2017-11-08T00:00:00
db:JVNDBid:JVNDB-2017-009523date:2017-11-15T00:00:00
db:CNNVDid:CNNVD-201710-679date:2017-10-26T00:00:00
db:NVDid:CVE-2017-10933date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-32538date:2017-11-02T00:00:00
db:VULHUBid:VHN-101305date:2017-10-19T00:00:00
db:JVNDBid:JVNDB-2017-009523date:2017-11-15T00:00:00
db:CNNVDid:CNNVD-201710-679date:2017-10-26T00:00:00
db:NVDid:CVE-2017-10933date:2017-10-19T21:29:00.453