CVE-2018-7363
MEDIUMZTE ZXHN F670 Firmware < 1.1.10p3t18 - Unauthenticated Credential Brute Force via appviahttp Service
Title source: llmDescription
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383
Scores
CVSS v3
4.3
EPSS
0.0008
EPSS Percentile
23.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-863
Status
published
Products (1)
zte/zxhn_f670_firmware
< 1.1.10p3t18
Published
Nov 16, 2018
Tracked Since
Feb 18, 2026