CVE-2018-7356
MEDIUMZTE ZXR10 8905E Firmware < 3.03.10.b23p2 - TCP Connection Spoofing via ISN Reuse
Title source: llmDescription
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009783
Scores
CVSS v3
5.6
EPSS
0.0069
EPSS Percentile
47.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-294
Status
published
Products (1)
zte/zxr10_8905e_firmware
< 3.03.10.b23p2
Published
Nov 01, 2018
Tracked Since
Feb 18, 2026