CVE-2024-22067

MEDIUM

ZTE NH8091 Firmware - Authenticated Remote Code Execution via Web Module Interface

Title source: llm

Description

ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands.

References (1)

Core 1

Core References

Vendor Advisory

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/6179526095692935173

Scores

CVSS v3 6.8

EPSS 0.0021

EPSS Percentile 43.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (1)

zte/nh8091_firmware znh8091v1.8

Published Nov 18, 2024

Tracked Since Feb 18, 2026