CVE-2018-7364

CVSS 8.3 HIGH | EPSS 10.3% | CWE-284

In short

The ZTE ZXIN10 device allows unauthorized remote attackers to execute code with root privileges due to weak access controls on a system process. This means attackers can take complete control of the device without proper authentication.

Technical detail

The devcomm process in ZTE ZXIN10 (versions ≤1.01.43) lacks proper access control mechanisms (CWE-284), enabling unauthenticated remote attackers to interact with the process and execute arbitrary code with root-level privileges. Exploitation requires network access to the affected device but no prior authentication or credentials. The published CVSS vector also rates attack complexity as high (AC:H) and user interaction as required (UI:R), with a changed scope (S:C).

Summary generated and translated by AI from the official description.
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
