Path Traversal in Zte Zx10 1800-2s
CVE-2017-10931
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.013 (66.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
Weakness classification (CWE)
References
- psirt@zte.com.cn (Permissions Required, x_refsource_MISC)
Frequently asked questions
- What is CVE-2017-10931?
- CVE-2017-10931 is a high-severity vulnerability in Zte Zx10 1800-2s, classified under Path Traversal. CVSS score: 7.5/10. Published 2017-09-19.
- How severe is CVE-2017-10931?
- High severity. CVSS v3 base score is 7.5 out of 10.