CVE-2022-23135

Published: Feb 24, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation.

Vendor	Product	Versions
n/a	ZXHN F677, ZXHN F477	affected `All versions up to V9.0.0P1N28`

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1023444

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-23135

Description

Affected Products

References