Vulnerability Details CVE-2022-23139
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2022-23139
-
cpe:2.3:h:zte:zxmp_m721:-
-
cpe:2.3:o:zte:zxmp_m721_firmware:5.10.030.006