CVE-2017-10931 - Vulnerability Details

Vendors	Products
Zte	Zxr10 160 Zxr10 160 Firmware Zxr10 1800-2s Zxr10 1800-2s Firmware Zxr10 2800-4 Zxr10 2800-4 Firmware Zxr10 3800-8 Zxr10 3800-8 Firmware

Link	Providers
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262

Type	Values Removed	Values Added
First Time appeared		Zte zxr10 160 Zte zxr10 160 Firmware Zte zxr10 2800-4 Zte zxr10 2800-4 Firmware Zte zxr10 3800-8 Zte zxr10 3800-8 Firmware
CPEs		cpe:2.3:h:zte:zxr10_160:-:::::::* cpe:2.3:h:zte:zxr10_2800-4:-:::::::* cpe:2.3:h:zte:zxr10_3800-8:-:::::::* cpe:2.3:o:zte:zxr10_160_firmware:::::::: cpe:2.3:o:zte:zxr10_2800-4_firmware:::::::: cpe:2.3:o:zte:zxr10_3800-8_firmware::::::::
Vendors & Products		Zte zxr10 160 Zte zxr10 160 Firmware Zte zxr10 2800-4 Zte zxr10 2800-4 Firmware Zte zxr10 3800-8 Zte zxr10 3800-8 Firmware
Metrics	cvssV3_0 `{'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "ZX10 1800-2S", "vendor": "ZTE", "versions": [{"status": "affected", "version": "All versions prior to V3.00.40"}]}], "datePublic": "2017-08-10T00:00:00", "descriptions": [{"lang": "en", "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."}], "problemTypes": [{"descriptions": [{"description": "Path Traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-19T13:57:01", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@zte.com.cn", "DATE_PUBLIC": "2017-08-10T00:00:00", "ID": "CVE-2017-10931", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ZX10 1800-2S", "version": {"version_data": [{"version_value": "All versions prior to V3.00.40"}]}}]}, "vendor_name": "ZTE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Path Traversal"}]}]}, "references": {"reference_data": [{"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262", "refsource": "MISC", "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:50:12.806Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"}]}]}, "cveMetadata": {"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2017-10931", "datePublished": "2017-09-19T14:00:00Z", "dateReserved": "2017-07-05T00:00:00", "dateUpdated": "2024-09-17T03:37:33.507Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : ZX10 1800-2S (string)

vendor : ZTE (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions prior to V3.00.40 (string)

}

]

}

]

datePublic : 2017-08-10T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Path Traversal (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-09-19T13:57:01 (string)

orgId : 6786b568-6808-4982-b61f-398b0d9679eb (string)

shortName : zte (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@zte.com.cn (string)

DATE_PUBLIC : 2017-08-10T00:00:00 (string)

ID : CVE-2017-10931 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : ZX10 1800-2S (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions prior to V3.00.40 (string)

}

]

}

]

}

vendor_name : ZTE (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Path Traversal (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262 (string)

refsource : MISC (string)

url : http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T17:50:12.806Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 6786b568-6808-4982-b61f-398b0d9679eb (string)

assignerShortName : zte (string)

cveId : CVE-2017-10931 (string)

datePublished : 2017-09-19T14:00:00Z (string)

dateReserved : 2017-07-05T00:00:00 (string)

dateUpdated : 2024-09-17T03:37:33.507Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "720817E2-2A6C-458D-A755-734D3950ACB3", "versionEndExcluding": "3.00.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA2AC22D-CC1C-4F6E-AFA1-EEC6C2A294DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1953F140-3D24-4496-B5EB-9E79A2B00DA9", "versionEndExcluding": "3.00.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxr10_2800-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "C5A4FC3A-3137-4B81-85D4-48AC72CF1019", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C47EA3A-F5B6-4536-A35E-86426A6324C4", "versionEndExcluding": "3.00.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxr10_3800-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "6346FA61-050D-4E0A-906C-D2E62D9AA3A1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "57325750-FFA0-4F1B-A2BA-CC1573509445", "versionEndExcluding": "3.00.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxr10_160:-:*:*:*:*:*:*:*", "matchCriteriaId": "6389B69E-A7E2-4BF3-A628-4F5C0ED6EF86", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."}, {"lang": "es", "value": "ZXR10 1800-2S en versiones anteriores a la 3.00.40 restringe incorrectamente las descarga del rango del directorio de archivos para los usuarios WEB. Esto provoca que se pueda descargar cualquier archivo y provocar filtraciones de informaci\u00f3n como la configuraci\u00f3n del sistema."}], "id": "CVE-2017-10931", "lastModified": "2025-03-07T14:22:47.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-19T14:29:00.273", "references": [{"source": "psirt@zte.com.cn", "tags": ["Permissions Required"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 720817E2-2A6C-458D-A755-734D3950ACB3 (string)

versionEndExcluding : 3.00.40 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:* (string)

matchCriteriaId : CA2AC22D-CC1C-4F6E-AFA1-EEC6C2A294DC (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1953F140-3D24-4496-B5EB-9E79A2B00DA9 (string)

versionEndExcluding : 3.00.40 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zte:zxr10_2800-4:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C5A4FC3A-3137-4B81-85D4-48AC72CF1019 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9C47EA3A-F5B6-4536-A35E-86426A6324C4 (string)

versionEndExcluding : 3.00.40 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zte:zxr10_3800-8:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 6346FA61-050D-4E0A-906C-D2E62D9AA3A1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 57325750-FFA0-4F1B-A2BA-CC1573509445 (string)

versionEndExcluding : 3.00.40 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zte:zxr10_160:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 6389B69E-A7E2-4BF3-A628-4F5C0ED6EF86 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. (string)

}

1 : { »

lang : es (string)

value : ZXR10 1800-2S en versiones anteriores a la 3.00.40 restringe incorrectamente las descarga del rango del directorio de archivos para los usuarios WEB. Esto provoca que se pueda descargar cualquier archivo y provocar filtraciones de información como la configuración del sistema. (string)

}

]

id : CVE-2017-10931 (string)

lastModified : 2025-03-07T14:22:47.347 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-09-19T14:29:00.273 (string)

references : [ »

0 : { »

source : psirt@zte.com.cn (string)

tags : [ »

0 : Permissions Required (string)

]

url : http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Permissions Required (string)

]

url : http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262 (string)

}

]

sourceIdentifier : psirt@zte.com.cn (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-22 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object