Details of VAR-202502-2075

ID

VAR-202502-2075

TITLE

ZTE Corporation ZSRV2 router web management system has arbitrary file read vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-04013

DESCRIPTION

ZTE Corporation is a leading global provider of integrated information and communications technology solutions. An arbitrary file read vulnerability exists in the web management system of ZTE Corporation's ZSRV2 router, which can be exploited by attackers to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2025-04013

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-04013

AFFECTED PRODUCTS

vendor:

zte

model:

zsrv2 router web management system

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-04013

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2025-04013
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-04013
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2025-04013

EXTERNAL IDS

db:

CNVD

id:

CNVD-2025-04013

Trust: 0.6

sources: CNVD: CNVD-2025-04013

SOURCES

db:

CNVD

id:

CNVD-2025-04013

LAST UPDATE DATE

2025-03-02T19:24:51.259000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2025-04013

date:

2025-02-28T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2025-04013

date:

2025-02-23T00:00:00