CVE-2023-25646 HIGH

CVE-2023-25646: Permission and Access Control Vulnerability in ZTE H388X

Vendor Zte
Product ZXHN H388X
Weakness CWE-281
Published June 20, 2024
Last update August 2, 2024

CVSS base score

7.1/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.

Key dates

02Disclosure timeline

June 20, 2024 CVE published
August 2, 2024 Record updated