ID

VAR-201811-0980


CVE

CVE-2018-7362


TITLE

Access control vulnerability in ZTE ZXHN F670 products

Trust: 0.8

sources: JVNDB: JVNDB-2018-012829

DESCRIPTION

All versions up to V1.1.10P3T18 of the ZTE ZXHN F670 product are impacted by an improper access control vulnerability, which may allow an unauthorized user to perform unauthorized operations on the router. The ZTE ZXHN F670 product contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ZTE ZXHN F670 is an ITU-T G.984 and ITU-T G.988 compatible Optical Network Terminal (ONT) designed for high-end home users.

Trust: 2.16

sources: NVD: CVE-2018-7362 // JVNDB: JVNDB-2018-012829 // CNVD: CNVD-2019-08336

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-08336

AFFECTED PRODUCTS

vendor: zte, model: zxhn f670, scope: lt, version: 1.1.10p3t18

Trust: 1.0

vendor: zte, model: zxhn f670, scope: lte, version: 1.1.10p3t18

Trust: 0.8

vendor: zte, model: zxhn f670 <=1.1.10p3t18, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-08336 // JVNDB: JVNDB-2018-012829 // NVD: CVE-2018-7362

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7362
value: HIGH

Trust: 1.0

psirt@zte.com.cn: CVE-2018-7362
value: HIGH

Trust: 1.0

NVD: CVE-2018-7362
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-08336
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-528
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-7362
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-08336
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-7362
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

psirt@zte.com.cn: CVE-2018-7362
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-08336 // JVNDB: JVNDB-2018-012829 // CNNVD: CNNVD-201811-528 // NVD: CVE-2018-7362 // NVD: CVE-2018-7362

PROBLEMTYPE DATA

problemtype: CWE-284

Trust: 1.8

sources: JVNDB: JVNDB-2018-012829 // NVD: CVE-2018-7362

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-528

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201811-528

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012829

PATCH

title: Multiple Vulnerabilities in Some ZTE CPE Terminal Products
url: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383

Trust: 0.8

title: ZTE ZXHNF670 improper access control vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/157481

Trust: 0.6

title: ZTE ZXHN F670 Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86923

Trust: 0.6

sources: CNVD: CNVD-2019-08336 // JVNDB: JVNDB-2018-012829 // CNNVD: CNNVD-201811-528

EXTERNAL IDS

db: NVD, id: CVE-2018-7362

Trust: 3.0

db: ZTE, id: 1009383

Trust: 2.2

db: JVNDB, id: JVNDB-2018-012829

Trust: 0.8

db: CNVD, id: CNVD-2019-08336

Trust: 0.6

db: CNNVD, id: CNNVD-201811-528

Trust: 0.6

sources: CNVD: CNVD-2019-08336 // JVNDB: JVNDB-2018-012829 // CNNVD: CNNVD-201811-528 // NVD: CVE-2018-7362

REFERENCES

url: http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1009383

Trust: 2.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7362

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7362

Trust: 0.8

sources: CNVD: CNVD-2019-08336 // JVNDB: JVNDB-2018-012829 // CNNVD: CNNVD-201811-528 // NVD: CVE-2018-7362

SOURCES

db: CNVD, id: CNVD-2019-08336
db: JVNDB, id: JVNDB-2018-012829
db: CNNVD, id: CNNVD-201811-528
db: NVD, id: CVE-2018-7362

LAST UPDATE DATE

2024-11-23T21:37:57.192000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-08336, date: 2019-03-28T00:00:00
db: JVNDB, id: JVNDB-2018-012829, date: 2019-02-08T00:00:00
db: CNNVD, id: CNNVD-201811-528, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-7362, date: 2024-11-21T04:12:04.393

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-08336, date: 2019-03-28T00:00:00
db: JVNDB, id: JVNDB-2018-012829, date: 2019-02-08T00:00:00
db: CNNVD, id: CNNVD-201811-528, date: 2018-11-19T00:00:00
db: NVD, id: CVE-2018-7362, date: 2018-11-16T15:29:00.487