CVE-2024-22063 HIGH

CVE-2024-22063: ZTE ZENIC ONE R58 product has a CSV injection vulnerability

Vendor Zte
Product ZENIC ONE R58
Weakness CWE-1236
Published December 30, 2024
Last update December 30, 2024

CVSS base score

7.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices.

Key dates

02Disclosure timeline

December 30, 2024 CVE published
December 30, 2024 Record updated