CVE-2022-23144

Name: CVE-2022-23144
Creator: NVD / NIST
Published: 2022-09-23T15:15:12.687+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.1/10EPSS 0.65%

Last modified Jun 17, 2026

CVE-2022-23144 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.. EPSS estimates a 0.65% chance of exploitation in the next 30 days.

Description

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.

Metrics

CVSS 3.1

9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Probability

0.65%

46.6th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Zte	Zxa10 B76hv3 Firmware	<= 2.01.02.01
Zte	Zxa10 B766v2 Firmware	<= 2.01.02.01
Zte	Zxa10 B800v2 Firmware	<= 2.01.02.01
Zte	Zxa10 B860av2.1 Firmware	<= 2.01.02.01
Zte	Zxa10 B860h Firmware	<= 2.01.02.01
Zte	Zxa10 B866v2-H Firmware	<= 2.01.02.01
Zte	Zxa10 B866v5-W10 Firmware	<= 2.01.02.01
Zte	Zxa10 B960gv1 Firmware	<= 2.01.02.01
Zte	Zxa10 B710c-A12 Firmware	<= 2.01.02.01
Zte	Zxa10 B710s2-A19 Firmware	<= 2.01.02.01
Zte	Zxa10 B836ct-A15 Firmware	<= 2.01.02.01
Zte	Zxa10 S100v Firmware	<= 2.01.02.01
Zte	Zxa10 S200a Firmware	<= 2.01.02.01
Zte	Zxa10 S200t Firmware	<= 2.01.02.01
Zte	Zxa10 B700v7 Firmware	<= 2.01.02.01

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224Vendor Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224Vendor Advisory

Timeline

Published: Sep 23, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-23144?

How severe is CVE-2022-23144?

CVE-2022-23144 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 0.65% probability of exploitation in the next 30 days.

How do I fix CVE-2022-23144?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-23144?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST