CVE-2019-3411 HIGH

CVE-2019-3411

Vendor Zte
Product ZTE MF920
Published June 11, 2019
Last update August 4, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components.

Key dates

02Disclosure timeline

June 11, 2019 CVE published
August 4, 2024 Record updated