ID

VAR-202202-0278


CVE

CVE-2022-23135


TITLE

Path traversal vulnerability in ZXHN F677 and ZXHN F477 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-006801

DESCRIPTION

There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of the user-modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation. A path traversal vulnerability exists in ZXHN F677 firmware and ZXHN F477 firmware. Information may be obtained and service operation may be interrupted (DoS). ZTE Zxhn F677 is a dual-band wireless router made by China ZTE Corporation.

Trust: 2.25

sources: NVD: CVE-2022-23135 // JVNDB: JVNDB-2022-006801 // CNVD: CNVD-2023-39043 // VULMON: CVE-2022-23135

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

category: ['network device'] sub_category: gateway

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2023-39043

AFFECTED PRODUCTS

vendor: zte model: zxhn f677 scope: lt version: 9.0.0p1n29

Trust: 1.0

vendor: zte model: zxhn f477 scope: lt version: 9.0.0p1n29

Trust: 1.0

vendor: zte model: zxhn f677 scope: - version: -

Trust: 0.8

vendor: zte model: zxhn f477 scope: - version: -

Trust: 0.8

vendor: zte model: zxhn f677 <9.0.0p1n29 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2023-39043 // JVNDB: JVNDB-2022-006801 // NVD: CVE-2022-23135

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-23135
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-23135
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-39043
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202202-1896
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-23135
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-23135
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2023-39043
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-23135
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-23135
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-39043 // VULMON: CVE-2022-23135 // JVNDB: JVNDB-2022-006801 // CNNVD: CNNVD-202202-1896 // NVD: CVE-2022-23135

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-006801 // NVD: CVE-2022-23135

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-1896

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202202-1896

PATCH

title: Directory Traversal Vulnerability in Some ZTE Home Gateway Products url: https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1023444

Trust: 0.8

title: Patch for ZTE Zxhn F677 directory traversal vulnerability url: https://www.cnvd.org.cn/patchInfo/show/428816

Trust: 0.6

title: Zte Zxhn F677 Repair measures for path traversal vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185281

Trust: 0.6

title: CVE-2022-XXXX url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: CNVD: CNVD-2023-39043 // VULMON: CVE-2022-23135 // JVNDB: JVNDB-2022-006801 // CNNVD: CNNVD-202202-1896

EXTERNAL IDS

db: NVD id: CVE-2022-23135

Trust: 4.0

db: ZTE id: 1023444

Trust: 2.3

db: JVNDB id: JVNDB-2022-006801

Trust: 0.8

db: CNVD id: CNVD-2023-39043

Trust: 0.6

db: CS-HELP id: SB2022051601

Trust: 0.6

db: CNNVD id: CNNVD-202202-1896

Trust: 0.6

db: OTHER id: NONE

Trust: 0.1

db: VULMON id: CVE-2022-23135

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2023-39043 // VULMON: CVE-2022-23135 // JVNDB: JVNDB-2022-006801 // CNNVD: CNNVD-202202-1896 // NVD: CVE-2022-23135

REFERENCES

url:https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1023444

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23135

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-23135/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051601

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2023-39043 // VULMON: CVE-2022-23135 // JVNDB: JVNDB-2022-006801 // CNNVD: CNNVD-202202-1896 // NVD: CVE-2022-23135

SOURCES

db: OTHER id: -
db: CNVD id: CNVD-2023-39043
db: VULMON id: CVE-2022-23135
db: JVNDB id: JVNDB-2022-006801
db: CNNVD id: CNNVD-202202-1896
db: NVD id: CVE-2022-23135

LAST UPDATE DATE

2025-01-30T21:55:50.606000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2023-39043 date: 2023-05-19T00:00:00
db: VULMON id: CVE-2022-23135 date: 2022-03-08T00:00:00
db: JVNDB id: JVNDB-2022-006801 date: 2023-07-10T02:04:00
db: CNNVD id: CNNVD-202202-1896 date: 2022-05-17T00:00:00
db: NVD id: CVE-2022-23135 date: 2024-11-21T06:48:04.507

SOURCES RELEASE DATE

db: CNVD id: CNVD-2023-39043 date: 2023-05-19T00:00:00
db: VULMON id: CVE-2022-23135 date: 2022-02-24T00:00:00
db: JVNDB id: JVNDB-2022-006801 date: 2023-07-10T00:00:00
db: CNNVD id: CNNVD-202202-1896 date: 2022-02-24T00:00:00
db: NVD id: CVE-2022-23135 date: 2022-02-24T19:15:10.183