Details of VAR-202209-1521

ID

VAR-202209-1521

CVE

CVE-2022-23144

TITLE

plural ZTE Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-017847

DESCRIPTION

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. zxa10 b76hv3 firmware, zxa10 b766v2 firmware, zxa10 b800v2 firmware etc. ZTE There are unspecified vulnerabilities in the product.Information is tampered with and service operation is interrupted (DoS) It may be in a state. ZTE ZXvSTB is a cloud-based set-top box of China ZTE (ZTE). ZTE ZXvSTB has an authorization problem vulnerability

Trust: 2.16

sources: NVD: CVE-2022-23144 // JVNDB: JVNDB-2022-017847 // CNVD: CNVD-2022-88193

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-88193

AFFECTED PRODUCTS

vendor:	zte	model:	zxa10 b710s2-a19	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 b766v2	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 b800v2	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 b960gv1	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 b700v7	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 b866v5-w10	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 s200t	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 b836ct-a15	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 b860h	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 s100v	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 s200a	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 b860av2.1	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 b710c-a12	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 b76hv3	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 b866v2-h	scope:	lte	version:	2.01.02.01	Trust: 1.0
vendor:	zte	model:	zxa10 b766v2	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 s200a	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 b836ct-a15	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 b866v2-h	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 s200t	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 s100v	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 b76hv3	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 b710c-a12	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 b860av2.1	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 b866v5-w10	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 b860h	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 b800v2	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 b710s2-a19	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 b960gv1	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 b700v7	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxa10 b800v2	scope:	lte	version:	<=2.01.02.01	Trust: 0.6
vendor:	zte	model:	zxa10 b860av2.1	scope:	lte	version:	<=2.01.02.01	Trust: 0.6
vendor:	zte	model:	zxa10 b860h	scope:	lte	version:	<=2.01.02.01	Trust: 0.6
vendor:	zte	model:	zxa10 b866v2-h	scope:	lte	version:	<=2.01.02.01	Trust: 0.6
vendor:	zte	model:	zxa10 b866v5-w10	scope:	lte	version:	<=2.01.02.01	Trust: 0.6
vendor:	zte	model:	zxa10 b960gv1	scope:	lte	version:	<=2.01.02.01	Trust: 0.6
vendor:	zte	model:	zxa10 b710c-a12	scope:	lte	version:	<=2.01.02.01	Trust: 0.6
vendor:	zte	model:	zxa10 b710s2-a19	scope:	lte	version:	<=2.01.02.01	Trust: 0.6
vendor:	zte	model:	zxa10 b836ct-a15	scope:	lte	version:	<=2.01.02.01	Trust: 0.6
vendor:	zte	model:	zxa10 s100v	scope:	lte	version:	<=2.01.02.01	Trust: 0.6
vendor:	zte	model:	zxa10 s200a	scope:	lte	version:	<=2.01.02.01	Trust: 0.6
vendor:	zte	model:	zxa10 s200t	scope:	lte	version:	<=2.01.02.01	Trust: 0.6
vendor:	zte	model:	zxa10 b700v7	scope:	lte	version:	<=2.01.02.01	Trust: 0.6

sources: CNVD: CNVD-2022-88193 // JVNDB: JVNDB-2022-017847 // NVD: CVE-2022-23144

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-23144
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-23144
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-23144
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2022-88193
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202209-2388
value:	CRITICAL
Trust: 0.6

CNVD:	CNVD-2022-88193
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-23144
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 2.0
NVD:	CVE-2022-23144
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-88193 // JVNDB: JVNDB-2022-017847 // CNNVD: CNNVD-202209-2388 // NVD: CVE-2022-23144 // NVD: CVE-2022-23144

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-017847 // NVD: CVE-2022-23144

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-2388

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-202209-2388

PATCH

title:	Patch for ZTE ZXvSTB Authorization Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/372386	Trust: 0.6
title:	ZTE ZXvSTB Post-link vulnerability fixes	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209155	Trust: 0.6

sources: CNVD: CNVD-2022-88193 // CNNVD: CNNVD-202209-2388

EXTERNAL IDS

db:	NVD	id:	CVE-2022-23144	Trust: 3.8
db:	ZTE	id:	1026224	Trust: 3.0
db:	JVNDB	id:	JVNDB-2022-017847	Trust: 0.8
db:	CNVD	id:	CNVD-2022-88193	Trust: 0.6
db:	CNNVD	id:	CNNVD-202209-2388	Trust: 0.6

sources: CNVD: CNVD-2022-88193 // JVNDB: JVNDB-2022-017847 // CNNVD: CNNVD-202209-2388 // NVD: CVE-2022-23144

REFERENCES

url:	https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1026224	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23144	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-23144/	Trust: 0.6

sources: CNVD: CNVD-2022-88193 // JVNDB: JVNDB-2022-017847 // CNNVD: CNNVD-202209-2388 // NVD: CVE-2022-23144

SOURCES

db:	CNVD	id:	CNVD-2022-88193
db:	JVNDB	id:	JVNDB-2022-017847
db:	CNNVD	id:	CNNVD-202209-2388
db:	NVD	id:	CVE-2022-23144

LAST UPDATE DATE

2025-05-23T23:26:15.231000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-88193	date:	2022-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-017847	date:	2023-10-16T08:23:00
db:	CNNVD	id:	CNNVD-202209-2388	date:	2022-09-27T00:00:00
db:	NVD	id:	CVE-2022-23144	date:	2025-05-22T19:15:29.063

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-88193	date:	2022-12-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-017847	date:	2023-10-16T00:00:00
db:	CNNVD	id:	CNNVD-202209-2388	date:	2022-09-23T00:00:00
db:	NVD	id:	CVE-2022-23144	date:	2022-09-23T15:15:12.687