Sign-up

ID

VAR-201903-1635


TITLE

ZTE video conference terminal equipment Authentication Bypass Vulnerability

Trust: 0.2

sources: IVD: 8531ca32-3fe5-11e9-a19d-00900b69299a

DESCRIPTION

ZTE video conference terminal equipment An authentication bypass vulnerability exists. User logs out Cookie Without clearing, other users can bypass the login interface and enter the device control interface directly after the previous user logs out.

Trust: 0.2

sources: IVD: 8531ca32-3fe5-11e9-a19d-00900b69299a

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 8531ca32-3fe5-11e9-a19d-00900b69299a

AFFECTED PRODUCTS

vendor:cpe a zte zxmodel:v10 t800scope: - version: -

Trust: 0.2

vendor:cpe a zte zxmodel:v10 t700scope: - version: -

Trust: 0.2

vendor:cpe a zte zxmodel:v10 t502scope: - version: -

Trust: 0.2

sources: IVD: 8531ca32-3fe5-11e9-a19d-00900b69299a

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 8531ca32-3fe5-11e9-a19d-00900b69299a
value: HIGH

Trust: 0.2

IVD: 8531ca32-3fe5-11e9-a19d-00900b69299a
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 8531ca32-3fe5-11e9-a19d-00900b69299a

TYPE

Licensing issues

Trust: 0.2

sources: IVD: 8531ca32-3fe5-11e9-a19d-00900b69299a

EXTERNAL IDS

db:IVDid:8531CA32-3FE5-11E9-A19D-00900B69299A

Trust: 0.2

sources: IVD: 8531ca32-3fe5-11e9-a19d-00900b69299a

SOURCES

db:IVDid:8531ca32-3fe5-11e9-a19d-00900b69299a

LAST UPDATE DATE

2022-05-04T10:11:33.131000+00:00


SOURCES UPDATE DATE


SOURCES RELEASE DATE

db:IVDid:8531ca32-3fe5-11e9-a19d-00900b69299adate:2019-03-07T00:00:00