cvelist/2018/7xxx/CVE-2018-7363.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@zte.com.cn",
        "ID": "CVE-2018-7363",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "ZXHN F670",
                                "version": {
                                    "version_data": [
                                        {
                                            "affected": "<=",
                                            "version_value": "V1.1.10P3T18"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "ZTE"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Improper Authorization"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383",
                "refsource": "CONFIRM",
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
}
- Synchronized data. 2018-02-22 11:04:59 -05:00			`{`
"-Synchronized-Data." 2019-03-17 22:07:14 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "psirt@zte.com.cn",`
			`"ID": "CVE-2018-7363",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "ZXHN F670",`
			`"version": {`
			`"version_data": [`
			`{`
			`"affected": "<=",`
			`"version_value": "V1.1.10P3T18"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "ZTE"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
- Added submission from ZTE from 2018-11-14. 2018-11-16 09:32:01 -05:00			`{`
"-Synchronized-Data." 2019-03-17 22:07:14 +00:00			`"lang": "eng",`
			`"value": "All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials."`
- Added submission from ZTE from 2018-11-14. 2018-11-16 09:32:01 -05:00			`}`
"-Synchronized-Data." 2019-03-17 22:07:14 +00:00			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "ADJACENT_NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 4.3,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Improper Authorization"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383",`
			`"refsource": "CONFIRM",`
			`"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383"`
			`}`
			`]`
			`},`
			`"source": {`
			`"discovery": "UNKNOWN"`
			`}`
			`}`