Sign-up

ID

VAR-201909-0088


CVE

CVE-2019-3416


TITLE

ZTE ZXV10 B860A Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-34386 // CNNVD: CNNVD-201909-1053

DESCRIPTION

All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system. ZTE ZXV10 B860A The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTE ZXV10 B860A is a network set-top box of China ZTE Corporation

Trust: 2.25

sources: NVD: CVE-2019-3416 // JVNDB: JVNDB-2019-009540 // CNVD: CNVD-2019-34386 // VULHUB: VHN-154851

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-34386

AFFECTED PRODUCTS

vendor:ztemodel:zxv10 b860ascope:lteversion:81511329.1008

Trust: 1.8

vendor:ztemodel:zxv10 b860ascope:lteversion:<=81511329.1008

Trust: 0.6

vendor:ztemodel:zxv10 b860ascope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2019-34386 // JVNDB: JVNDB-2019-009540 // CNNVD: CNNVD-201909-1053 // NVD: CVE-2019-3416

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3416
value: CRITICAL

Trust: 1.0

psirt@zte.com.cn: CVE-2019-3416
value: HIGH

Trust: 1.0

NVD: CVE-2019-3416
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-34386
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-1053
value: CRITICAL

Trust: 0.6

VULHUB: VHN-154851
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-3416
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-34386
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-154851
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3416
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@zte.com.cn: CVE-2019-3416
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.4
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-3416
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-34386 // VULHUB: VHN-154851 // JVNDB: JVNDB-2019-009540 // CNNVD: CNNVD-201909-1053 // NVD: CVE-2019-3416 // NVD: CVE-2019-3416

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-154851 // JVNDB: JVNDB-2019-009540 // NVD: CVE-2019-3416

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1053

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1053

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009540

PATCH
title:Input Validation Vulnerability in ZTE Smart STBurl:http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011263
Trust: 0.8
title:Patch for ZTE ZXV10 B860A Input Validation Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/183847
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-34386 // 
            
            
            
            JVNDB: JVNDB-2019-009540

EXTERNAL IDS
db:NVDid:CVE-2019-3416
Trust: 3.1
db:ZTEid:1011263
Trust: 2.3
db:JVNDBid:JVNDB-2019-009540
Trust: 0.8
db:CNNVDid:CNNVD-201909-1053
Trust: 0.7
db:CNVDid:CNVD-2019-34386
Trust: 0.6
db:VULHUBid:VHN-154851
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-34386 // 
            
            
            
            VULHUB: VHN-154851 // 
            
            
            
            JVNDB: JVNDB-2019-009540 // 
            
            
            
            CNNVD: CNNVD-201909-1053 // 
            
            
            
            NVD: CVE-2019-3416

REFERENCES
url:http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1011263
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-3416
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3416
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-34386 // 
            
            
            
            VULHUB: VHN-154851 // 
            
            
            
            JVNDB: JVNDB-2019-009540 // 
            
            
            
            CNNVD: CNNVD-201909-1053 // 
            
            
            
            NVD: CVE-2019-3416

SOURCES
db:CNVDid:CNVD-2019-34386
db:VULHUBid:VHN-154851
db:JVNDBid:JVNDB-2019-009540
db:CNNVDid:CNNVD-201909-1053
db:NVDid:CVE-2019-3416

LAST UPDATE DATE
2024-11-23T22:58:35.578000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-34386date:2019-10-10T00:00:00
db:VULHUBid:VHN-154851date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-009540date:2019-09-25T00:00:00
db:CNNVDid:CNNVD-201909-1053date:2019-09-30T00:00:00
db:NVDid:CVE-2019-3416date:2024-11-21T04:42:03.430

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-34386date:2019-10-10T00:00:00
db:VULHUBid:VHN-154851date:2019-09-23T00:00:00
db:JVNDBid:JVNDB-2019-009540date:2019-09-25T00:00:00
db:CNNVDid:CNNVD-201909-1053date:2019-09-23T00:00:00
db:NVDid:CVE-2019-3416date:2019-09-23T14:15:10.807