CVE-2018-7366
MEDIUMZTE ZXV10 B860AV2.1 ChinaMobile Firmware - Authentication Bypass
Title source: llmDescription
ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010023
Scores
CVSS v3
4.3
EPSS
0.0004
EPSS Percentile
12.1%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-863
Status
published
Products (1)
zte/zxv10_b860av2.1_chinamobile_firmware
< icnt_v1.3.3
Published
Dec 28, 2018
Tracked Since
Feb 18, 2026