{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T16:35:27.507","vulnerabilities":[{"cve":{"id":"CVE-2022-23139","sourceIdentifier":"psirt@zte.com.cn","published":"2022-05-12T20:15:15.183","lastModified":"2024-11-21T06:48:05.017","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files."},{"lang":"es","value":"El producto ZXMP M721 de ZTE presenta una vulnerabilidad de control de permisos y acceso. Ya que el permiso de la carpeta visto por sftp es 666, que es inconsistente con el permiso real. Es fácil que usuarios ignoren la modificación de la configuración de los permisos de los archivos, por lo que las cuentas de baja autoridad podrían obtener permisos de funcionamiento más altos en los archivos clave"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zte:zxmp_m721_firmware:5.10.030.006:*:*:*:*:*:*:*","matchCriteriaId":"6CE8D862-D63C-4C95-B7CB-DBAD1690E435"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zte:zxmp_m721:-:*:*:*:*:*:*:*","matchCriteriaId":"AEC586E9-E8FA-4988-8CD0-334A1F73BC61"}]}]}],"references":[{"url":"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444","source":"psirt@zte.com.cn","tags":["Vendor Advisory"]},{"url":"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}