CVE-2017-10933

HIGH

ZTE ZXDT22 SF01 < V2.06.00.00 - Path Traversal via Full Path Name

Title source: llm

Description

All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008582

Scores

CVSS v3 7.5

EPSS 0.0041

EPSS Percentile 61.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

ZTE/ZXDT22 SF01 All versions prior to V2.06.00.00

zte/zxdt22_sf01_firmware < v2.06.00.00

Published Oct 19, 2017

Tracked Since Feb 18, 2026