Details of VAR-202410-1229

ID

VAR-202410-1229

CVE

CVE-2024-22068

TITLE

plural ZTE Weak Password Requirements Vulnerability in Products

Trust: 0.8

sources: JVNDB: JVNDB-2024-018534

DESCRIPTION

Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier. ZXR10 1800-2S firmware, zxr10 2800-4 firmware, zxr10 3800-8 firmware etc. ZTE The product contains a weak password requirement vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2024-22068 // JVNDB: JVNDB-2024-018534

AFFECTED PRODUCTS

vendor:	zte	model:	zxr10 2800-4	scope:	lt	version:	6.00.10	Trust: 1.0
vendor:	zte	model:	zxr10 1800-2s	scope:	lt	version:	6.00.10	Trust: 1.0
vendor:	zte	model:	zxr10 3800-8	scope:	lt	version:	6.00.10	Trust: 1.0
vendor:	zte	model:	zxr10 160	scope:	lt	version:	6.00.10	Trust: 1.0
vendor:	zte	model:	zxr10 1800-2s	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxr10 160	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxr10 2800-4	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxr10 3800-8	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-018534 // NVD: CVE-2024-22068

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@zte.com.cn:	CVE-2024-22068
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-22068
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-22068
value:	MEDIUM
Trust: 0.8

psirt@zte.com.cn:	CVE-2024-22068
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.5
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-22068
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2024-22068
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-018534 // NVD: CVE-2024-22068 // NVD: CVE-2024-22068

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.0
problemtype:	CWE-521	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [ others ]	Trust: 0.8
problemtype:	Weak password request (CWE-521) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-018534 // NVD: CVE-2024-22068

EXTERNAL IDS

db:	NVD	id:	CVE-2024-22068	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-018534	Trust: 0.8

sources: JVNDB: JVNDB-2024-018534 // NVD: CVE-2024-22068

REFERENCES

url:	https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5359853646778130472	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-22068	Trust: 0.8

sources: JVNDB: JVNDB-2024-018534 // NVD: CVE-2024-22068

SOURCES

db:	JVNDB	id:	JVNDB-2024-018534
db:	NVD	id:	CVE-2024-22068

LAST UPDATE DATE

2025-02-11T23:03:27.741000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-018534	date:	2025-02-10T06:11:00
db:	NVD	id:	CVE-2024-22068	date:	2025-02-07T15:32:50.550

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-018534	date:	2025-02-10T00:00:00
db:	NVD	id:	CVE-2024-22068	date:	2024-10-10T09:15:03.190