← back
CVE-2018-7358

CVE-2018-7358

CVSS 6.5 MEDIUMEPSS 89.6%
In short

The ZTE ZXHN H168N router has a flaw that lets unauthorized users perform actions they shouldn't be able to do. This happens because the device doesn't properly control who can make changes to its settings.

Technical detail

The vulnerability exists in versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7, and V2.2.0_PK11T due to improper change control mechanisms. An unauthenticated or low-privileged attacker can exploit this to execute unauthorized operations on the affected device, potentially modifying configuration or system behavior.

Summary generated and translated by AI from the official description.
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
ZTE · ZXHN H168N
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45972/unverifiedexploitdbwww.exploit-db.com/exploits/45972unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523https://www.exploit-db.com/exploits/45972/http://www.securityfocus.com/bid/105963