CVE-2022-39074

LOW

ZTE Mobile Phones - Info Disclosure

Title source: llm

Description

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.

References (1)

Core 1

Core References

Vendor Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664

Scores

CVSS v3 3.3

EPSS 0.0005

EPSS Percentile 15.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (17)

zte/axon_40_ultra_firmware < 1.0.0b26

zte/blade_a31_firmware < m03

zte/blade_a31_plus_firmware < m04

zte/blade_a3_lite_firmware < m09

zte/blade_a51_firmware < m07

zte/blade_a52_firmware < m02

zte/blade_a5_2019_firmware < m13

zte/blade_a5_2020_firmware < m05

zte/blade_a71_firmware < 2.4

zte/blade_a72_firmware < 11.0.3

... and 7 more

Published May 30, 2023

Tracked Since Feb 18, 2026