CVE-2022-39071 - Vulnerability Details

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00042.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Zte	Axon 40 Ultra Axon 40 Ultra Firmware Blade A31 Blade A31 Firmware Blade A31 Plus Blade A31 Plus Firmware Blade A3 Lite Blade A3 Lite Firmware Blade A51 Blade A51 Firmware Blade A52 Blade A52 Firmware Blade A5 2019 Blade A5 2019 Firmware Blade A5 2020 Blade A5 2020 Firmware Blade A71 Blade A71 Firmware Blade A72 Blade A72 Firmware Blade A7s Blade A7s Firmware Blade L210 Blade L210 Firmware Blade V20 Smart Blade V20 Smart Firmware Blade V30 Blade V30 Firmware Blade V30 Vita Blade V30 Vita Firmware Blade V40 Vita Blade V40 Vita Firmware V40 Pro V40 Pro Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a52:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a51:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a3_lite:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a5_2020:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_l210:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a7s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a31:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a31_plus:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a5_2019:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a71:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_a72:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_v20_smart:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_v30:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_v30_vita:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:v40_pro:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:blade_v40_vita:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:axon_40_ultra:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-41617	There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664

History

Mon, 13 Jan 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: zte

Published: 2023-05-30T00:00:00

Updated: 2025-01-13T20:40:41.363Z

Reserved: 2022-08-31T00:00:00

Link: CVE-2022-39071

Vulnrichment

Updated: 2024-08-03T11:10:32.478Z

NVD

Status : Modified

Published: 2023-05-30T23:15:09.273

Modified: 2025-01-13T21:15:09.897

Link: CVE-2022-39071

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object