CVE-2022-23139
HIGHZTE ZXMP M721 Firmware - Incorrect Authorization via SFTP Folder Permission Mismatch
Title source: llmDescription
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444
Scores
CVSS v3
8.8
EPSS
0.0025
EPSS Percentile
48.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-863
Status
published
Products (1)
zte/zxmp_m721_firmware
5.10.030.006
Published
May 12, 2022
Tracked Since
Feb 18, 2026