CVE-2018-7364 HIGH

CVE-2018-7364

Vendor Zte
Product ZXIN10-European region
Weakness CWE-284
Published December 7, 2018
Last update August 5, 2024

CVSS base score

8.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.

Key dates

02Disclosure timeline

December 7, 2018 CVE published
August 5, 2024 Record updated