ID

VAR-201811-0982


CVE

CVE-2018-7356


TITLE

ZTE ZXR10 8905E Vulnerabilities related to security functions in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-011695

DESCRIPTION

All versions of the ZTE ZXR10 8905E product up to V3.03.10.B23P2 are affected by a TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISNs and allows remote attackers to spoof connections. The ZTE ZXR10 8905E product contains vulnerabilities related to security functions. Information may be tampered with. ZTE ZXR10 8905E is a router product of China ZTE Corporation. A security vulnerability exists in ZTE ZXR10 8905E 3.03.10.B23P2 and earlier. A remote attacker can exploit this vulnerability to perform a spoofing attack.

Trust: 2.25

sources: NVD: CVE-2018-7356 // JVNDB: JVNDB-2018-011695 // CNVD: CNVD-2018-22539 // VULHUB: VHN-137388

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-22539

AFFECTED PRODUCTS

vendor: zte, model: zxr10 8905e, scope: eq, version: 3.03.10.b23p2

Trust: 1.4

vendor: zte, model: zxr10 8905e, scope: lte, version: 3.03.10.b23p2

Trust: 1.0

vendor: zte, model: zxr10 8905e <=v3.03.10.b23p2, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2018-22539 // JVNDB: JVNDB-2018-011695 // CNNVD: CNNVD-201811-002 // NVD: CVE-2018-7356

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7356
value: HIGH

Trust: 1.0

psirt@zte.com.cn: CVE-2018-7356
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7356
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-22539
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-002
value: HIGH

Trust: 0.6

VULHUB: VHN-137388
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7356
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-22539
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-137388
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7356
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

psirt@zte.com.cn: CVE-2018-7356
baseSeverity: MEDIUM
baseScore: 5.6
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 3.4
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2018-22539 // VULHUB: VHN-137388 // JVNDB: JVNDB-2018-011695 // CNNVD: CNNVD-201811-002 // NVD: CVE-2018-7356 // NVD: CVE-2018-7356

PROBLEMTYPE DATA

problemtype: CWE-294

Trust: 1.1

problemtype: CWE-254

Trust: 0.9

sources: VULHUB: VHN-137388 // JVNDB: JVNDB-2018-011695 // NVD: CVE-2018-7356

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-002

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201811-002

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011695

PATCH

title: ZTE ZXR10 8905E TCP Initial Sequence Number (ISN) Reuse Vulnerability, url: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009783

Trust: 0.8

title: ZTE ZXR10 8905E TCP Initial Serial Number (ISN) Reuse Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/143855

Trust: 0.6

title: ZTE ZXR10 8905E Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86556

Trust: 0.6

sources: CNVD: CNVD-2018-22539 // JVNDB: JVNDB-2018-011695 // CNNVD: CNNVD-201811-002

EXTERNAL IDS

db: NVD, id: CVE-2018-7356

Trust: 3.1

db: ZTE, id: 1009783

Trust: 2.3

db: JVNDB, id: JVNDB-2018-011695

Trust: 0.8

db: CNNVD, id: CNNVD-201811-002

Trust: 0.7

db: CNVD, id: CNVD-2018-22539

Trust: 0.6

db: VULHUB, id: VHN-137388

Trust: 0.1

sources: CNVD: CNVD-2018-22539 // VULHUB: VHN-137388 // JVNDB: JVNDB-2018-011695 // CNNVD: CNNVD-201811-002 // NVD: CVE-2018-7356

REFERENCES

url: http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1009783

Trust: 2.3

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7356

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7356

Trust: 0.8

sources: CNVD: CNVD-2018-22539 // VULHUB: VHN-137388 // JVNDB: JVNDB-2018-011695 // CNNVD: CNNVD-201811-002 // NVD: CVE-2018-7356

SOURCES

db: CNVD, id: CNVD-2018-22539
db: VULHUB, id: VHN-137388
db: JVNDB, id: JVNDB-2018-011695
db: CNNVD, id: CNNVD-201811-002
db: NVD, id: CVE-2018-7356

LAST UPDATE DATE

2024-11-23T22:58:48.977000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-22539, date: 2018-11-06T00:00:00
db: VULHUB, id: VHN-137388, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-011695, date: 2019-01-18T00:00:00
db: CNNVD, id: CNNVD-201811-002, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-7356, date: 2024-11-21T04:12:03.670

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-22539, date: 2018-11-06T00:00:00
db: VULHUB, id: VHN-137388, date: 2018-11-01T00:00:00
db: JVNDB, id: JVNDB-2018-011695, date: 2019-01-18T00:00:00
db: CNNVD, id: CNNVD-201811-002, date: 2018-11-02T00:00:00
db: NVD, id: CVE-2018-7356, date: 2018-11-01T13:29:00.723