ID

VAR-201811-0981


CVE

CVE-2018-7363


TITLE

Vulnerabilities related to certificate and password management in ZTE ZXHN F670 products

Trust: 0.8

sources: JVNDB: JVNDB-2018-012830

DESCRIPTION

All versions up to V1.1.10P3T18 of the ZTE ZXHN F670 product are affected by an improper authorization vulnerability. Because the appviahttp service has no authorization delay, an attacker can brute-force account credentials. The ZTE ZXHN F670 contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). The ZTE ZXHN F670 is an ITU-T G.984 and ITU-T G.988 compatible Optical Network Terminal (ONT) designed for high-end home users.

Trust: 2.16

sources: NVD: CVE-2018-7363 // JVNDB: JVNDB-2018-012830 // CNVD: CNVD-2019-08335

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-08335

AFFECTED PRODUCTS

vendor: zte, model: zxhn f670, scope: lt, version: 1.1.10p3t18

Trust: 1.0

vendor: zte, model: zxhn f670, scope: lte, version: 1.1.10p3t18

Trust: 0.8

vendor: zte, model: zxhn f670 <=1.1.10p3t18, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-08335 // JVNDB: JVNDB-2018-012830 // NVD: CVE-2018-7363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7363
value: HIGH

Trust: 1.0

psirt@zte.com.cn: CVE-2018-7363
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7363
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-08335
value: LOW

Trust: 0.6

CNNVD: CNNVD-201811-529
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-7363
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-08335
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-7363
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

psirt@zte.com.cn: CVE-2018-7363
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-08335 // JVNDB: JVNDB-2018-012830 // CNNVD: CNNVD-201811-529 // NVD: CVE-2018-7363 // NVD: CVE-2018-7363

PROBLEMTYPE DATA

problemtype: CWE-863

Trust: 1.0

problemtype: CWE-255

Trust: 0.8

sources: JVNDB: JVNDB-2018-012830 // NVD: CVE-2018-7363

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201811-529

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201811-529

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012830

PATCH

title: Multiple Vulnerabilities in Some ZTE CPE Terminal Products
url: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383

Trust: 0.8

title: ZTE ZXHNF670 improperly authorized vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/157479

Trust: 0.6

title: ZTE ZXHN F670 Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86924

Trust: 0.6

sources: CNVD: CNVD-2019-08335 // JVNDB: JVNDB-2018-012830 // CNNVD: CNNVD-201811-529

EXTERNAL IDS

db: NVD, id: CVE-2018-7363

Trust: 3.0

db: ZTE, id: 1009383

Trust: 2.2

db: JVNDB, id: JVNDB-2018-012830

Trust: 0.8

db: CNVD, id: CNVD-2019-08335

Trust: 0.6

db: CNNVD, id: CNNVD-201811-529

Trust: 0.6

sources: CNVD: CNVD-2019-08335 // JVNDB: JVNDB-2018-012830 // CNNVD: CNNVD-201811-529 // NVD: CVE-2018-7363

REFERENCES

url: http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1009383

Trust: 2.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7363

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7363

Trust: 0.8

sources: CNVD: CNVD-2019-08335 // JVNDB: JVNDB-2018-012830 // CNNVD: CNNVD-201811-529 // NVD: CVE-2018-7363

SOURCES

db: CNVD, id: CNVD-2019-08335
db: JVNDB, id: JVNDB-2018-012830
db: CNNVD, id: CNNVD-201811-529
db: NVD, id: CVE-2018-7363

LAST UPDATE DATE

2024-11-23T21:37:57.247000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-08335, date: 2019-03-28T00:00:00
db: JVNDB, id: JVNDB-2018-012830, date: 2019-02-08T00:00:00
db: CNNVD, id: CNNVD-201811-529, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-7363, date: 2024-11-21T04:12:04.503

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-08335, date: 2019-03-28T00:00:00
db: JVNDB, id: JVNDB-2018-012830, date: 2019-02-08T00:00:00
db: CNNVD, id: CNNVD-201811-529, date: 2018-11-19T00:00:00
db: NVD, id: CVE-2018-7363, date: 2018-11-16T15:29:00.517