CVE-2022-39070

CRITICAL

ZTE ZXA10 C350M and C300M Firmware 2.1.0-2.1.0xgp002.4 - Unauthenticated Remote Command Execution

Title source: llm

Description

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.

References (1)

Core 1

Core References

Vendor Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824

Scores

CVSS v3 9.8

EPSS 0.0075

EPSS Percentile 73.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-284

Status published

Products (2)

zte/zxa10_c300m_firmware 2.1.0 - 2.1.0xgp002.4

zte/zxa10_c350m_firmware 2.1.0 - 2.1.0xgp002.4

Published Nov 22, 2022

Tracked Since Feb 18, 2026