ZTE ZXvSTB Product: Broken Access Control Vulnerability Allows Deletion of Default Application Type

ZTE ZXvSTB Product: Broken Access Control Vulnerability Allows Deletion of Default Application Type

CVE-2022-23144 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.

Learn more about our Web Application Penetration Testing UK.