CVE-2024-22069

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 8, 2024
Updated: Aug 20, 2024
CWE ID 269

Summary

CVE-2024-22069 is a newly discovered vulnerability affecting ZTE's ZXV10 XT802/ET301 products. This issue involves a permission and access control flaw that allows attackers with standard permissions to illegally access and change the administrator password through the terminal web interface. Interception of password change requests enables unauthorized individuals to gain administrative control of the affected device. Organizations using these ZTE products are advised to implement immediate security measures to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share