Sign-up

ID

VAR-201811-0978


CVE

CVE-2018-7360


TITLE

ZTE ZXHN F670 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-05530 // CNNVD: CNNVD-201811-526

DESCRIPTION

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service. ZTE ZXHN F670 Contains an information disclosure vulnerability.Information may be obtained. ZTEZXHNF670 is a modem from China ZTE Corporation (ZTE)

Trust: 2.16

sources: NVD: CVE-2018-7360 // JVNDB: JVNDB-2018-014174 // CNVD: CNVD-2019-05530

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-05530

AFFECTED PRODUCTS

vendor:ztemodel:zxhn f670scope:ltversion:1.1.10p3t18

Trust: 1.0

vendor:ztemodel:zxhn f670scope:lteversion:1.1.10p3t18

Trust: 0.8

vendor:ztemodel:zxhn f670 <=v1.1.10p3t18scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-05530 // JVNDB: JVNDB-2018-014174 // NVD: CVE-2018-7360

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7360
value: MEDIUM

Trust: 1.0

psirt@zte.com.cn: CVE-2018-7360
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7360
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-05530
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-526
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-7360
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-05530
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-7360
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

psirt@zte.com.cn: CVE-2018-7360
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-05530 // JVNDB: JVNDB-2018-014174 // CNNVD: CNNVD-201811-526 // NVD: CVE-2018-7360 // NVD: CVE-2018-7360

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-014174 // NVD: CVE-2018-7360

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201811-526

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201811-526

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014174

PATCH
title:Multiple Vulnerabilities in Some ZTE CPE Terminal Productsurl:http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383
Trust: 0.8
title:ZTEZXHNF670 Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/154683
Trust: 0.6
title:ZTE ZXHN F670 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86921
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-05530 // 
            
            
            
            JVNDB: JVNDB-2018-014174 // 
            
            
            
            CNNVD: CNNVD-201811-526

EXTERNAL IDS
db:NVDid:CVE-2018-7360
Trust: 3.0
db:ZTEid:1009383
Trust: 2.2
db:JVNDBid:JVNDB-2018-014174
Trust: 0.8
db:CNVDid:CNVD-2019-05530
Trust: 0.6
db:CNNVDid:CNNVD-201811-526
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-05530 // 
            
            
            
            JVNDB: JVNDB-2018-014174 // 
            
            
            
            CNNVD: CNNVD-201811-526 // 
            
            
            
            NVD: CVE-2018-7360

REFERENCES
url:http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1009383
Trust: 2.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7360
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7360
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-05530 // 
            
            
            
            JVNDB: JVNDB-2018-014174 // 
            
            
            
            CNNVD: CNNVD-201811-526 // 
            
            
            
            NVD: CVE-2018-7360

SOURCES
db:CNVDid:CNVD-2019-05530
db:JVNDBid:JVNDB-2018-014174
db:CNNVDid:CNNVD-201811-526
db:NVDid:CVE-2018-7360

LAST UPDATE DATE
2024-11-23T21:37:57.303000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-05530date:2019-02-27T00:00:00
db:JVNDBid:JVNDB-2018-014174date:2019-03-13T00:00:00
db:CNNVDid:CNNVD-201811-526date:2019-10-17T00:00:00
db:NVDid:CVE-2018-7360date:2024-11-21T04:12:04.163

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-05530date:2019-02-27T00:00:00
db:JVNDBid:JVNDB-2018-014174date:2019-03-13T00:00:00
db:CNNVDid:CNNVD-201811-526date:2018-11-19T00:00:00
db:NVDid:CVE-2018-7360date:2018-11-16T15:29:00.423