Vulnerability Details : CVE-2022-39071
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.
Vulnerability category: Bypass
Products affected by CVE-2022-39071
- cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-39071
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-39071
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
1.8
|
5.2
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-13 |
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
1.8
|
5.2
|
NIST |
References for CVE-2022-39071
-
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664
Security Bulletin DetailsVendor Advisory
Jump to