cvedb.io
CVE-2022-23139
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-05-12T20:15:15.183 · Last modified 2026-06-17T04:29:35.210

Summary

ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.

Affected products

zte — zxmp_m721_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when zte ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.