CVE-2017-10931
HIGH
ZTE ZXR10 Firmware < 3.00.40 - Unauthenticated Path Traversal and Information Disclosure
Title source: llmDescription
The ZXR10 1800-2S before v3.00.40 does not correctly restrict the directory range from which WEB users can download files, so any file can be downloaded, leaking information such as the system configuration.
References (1)
Core References
Permissions Required x_refsource_misc
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262
Scores
CVSS v3
7.5
EPSS
0.0040
EPSS Percentile
60.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (5)
ZTE/ZX10 1800-2S
All versions prior to V3.00.40
zte/zxr10_160_firmware
< 3.00.40
zte/zxr10_1800-2s_firmware
< 3.00.40
zte/zxr10_2800-4_firmware
< 3.00.40
zte/zxr10_3800-8_firmware
< 3.00.40
Published
Sep 19, 2017
Tracked Since
Feb 18, 2026