Vulnerability Details : CVE-2022-39074
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.
Vulnerability category: Bypass
Products affected by CVE-2022-39074
- cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-39074
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 22 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-39074
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.3
|
LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
1.8
|
1.4
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-13 |
|
3.3
|
LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
1.8
|
1.4
|
NIST |
References for CVE-2022-39074
-
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664
Security Bulletin DetailsVendor Advisory
Jump to