- Added submission from ZTE from 2018-12-25.

2025-06-12 02:05:39 +00:00 · 2018-12-28 10:26:54 -05:00 · 2018-12-28 10:26:54 -05:00 · 99180e6a21
commit 99180e6a21
parent 1063ff50e0
1 changed files with 78 additions and 3 deletions
--- a/2018/7xxx/CVE-2018-7366.json
+++ b/2018/7xxx/CVE-2018-7366.json
@ -1,8 +1,44 @@
 {
   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "psirt@zte.com.cn",
      "ID" : "CVE-2018-7366",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "ZXV10 B860AV2.1_ChinaMobile",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "affected" : "<=",
+                                 "version_value" : " ICNT_V1.3.3"
+                              },
+                              {
+                                 "affected" : "<=",
+                                 "version_value" : "BESTV_V1.2.2"
+                              },
+                              {
+                                 "affected" : "<=",
+                                 "version_value" : "WASU_V1.1.7"
+                              },
+                              {
+                                 "affected" : "<=",
+                                 "version_value" : "MGTV_V1.4.6"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "ZTE"
+            }
+         ]
+      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
@ -11,8 +47,47 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations."
         }
      ]
+   },
+   "impact" : {
+      "cvss" : {
+         "attackComplexity" : "LOW",
+         "attackVector" : "PHYSICAL",
+         "availabilityImpact" : "LOW",
+         "baseScore" : 4.3,
+         "baseSeverity" : "MEDIUM",
+         "confidentialityImpact" : "LOW",
+         "integrityImpact" : "LOW",
+         "privilegesRequired" : "NONE",
+         "scope" : "UNCHANGED",
+         "userInteraction" : "NONE",
+         "vectorString" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+         "version" : "3.0"
+      }
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "Improper Access Control "
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "refsource" : "CONFIRM",
+            "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010023"
+         }
+      ]
+   },
+   "source" : {
+      "discovery" : "UNKNOWN"
   }
 }