admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-23139.md

18 lines
846 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-23139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23139)
![](https://img.shields.io/static/v1?label=Product&message=ZXMP%20M721&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=permission%20and%20access%20control&color=brighgreen)
### Description
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. Its easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/karimhabush/cyberowl
Reference in New Issue Copy Permalink