There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00043.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a ZTE Blade A52, ZTE Blade A51, ZTE Blade A3 Lite, ZTE Blade A5 2020, ZTE Blade L210, ZTE Blade A7s, ZTE Blade A31, ZTE Blade A31 Plus, ZTE Blade A5 (2019), ZTE Blade A71, ZTE Blade A72, ZTE Blade V20 Smart, ZTE Blade V30, ZTE Blade V30 Vita, ZTE V40 Pro, ZTE Blade V40 Vita, ZTE Axon 40 Ultra affected
Version Status Constraints
All versions up to Z6356T_M01, All versions up to Blade A51_M06, All versions up to Blade A30_M08, All versions up to Blade A5 2020-T_M04, All versions up to GEN_MY_L210_V1.13, All versions up to CLA_GT_A7020_V2.1, All versions up to Blade A31_M02, All versions up to P600_M03, All versions up to P650 Pro_M12, All versions up to GEN_EU_EEA_A7030_V2.3, All versions up to MyOS11.0.2_A7039_CLA_CO, All versions up to TEL_MX_ZTE_8010V1.13, All versions up to TEL_MX_ZTE_9030V1.10, All versions up to TEL_MX_ZTE_8030V1.10, All versions up to MyOS11.0.3_9045_TEL All versions up to MyOS11.0.1_8044_CLA_CO, All versions up to NON_EEA_P898F01V1.0.0B25 affected

Configuration 1 [-]

AND
cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a52:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a51:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a3_lite:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a5_2020:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_l210:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a7s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a31:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a31_plus:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a5_2019:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a71:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a72:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_v20_smart:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_v30:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_v30_vita:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:v40_pro:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_v40_vita:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:axon_40_ultra:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Zte Subscribe
Axon 40 Ultra Subscribe
Axon 40 Ultra Firmware Subscribe
Blade A31 Subscribe
Blade A31 Firmware Subscribe
Blade A31 Plus Subscribe
Blade A31 Plus Firmware Subscribe
Blade A3 Lite Subscribe
Blade A3 Lite Firmware Subscribe
Blade A51 Subscribe
Blade A51 Firmware Subscribe
Blade A52 Subscribe
Blade A52 Firmware Subscribe
Blade A5 2019 Subscribe
Blade A5 2019 Firmware Subscribe
Blade A5 2020 Subscribe
Blade A5 2020 Firmware Subscribe
Blade A71 Subscribe
Blade A71 Firmware Subscribe
Blade A72 Subscribe
Blade A72 Firmware Subscribe
Blade A7s Subscribe
Blade A7s Firmware Subscribe
Blade L210 Subscribe
Blade L210 Firmware Subscribe
Blade V20 Smart Subscribe
Blade V20 Smart Firmware Subscribe
Blade V30 Subscribe
Blade V30 Firmware Subscribe
Blade V30 Vita Subscribe
Blade V30 Vita Firmware Subscribe
Blade V40 Vita Subscribe
Blade V40 Vita Firmware Subscribe
V40 Pro Subscribe
V40 Pro Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2022-41620 There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664 cve-icon cve-icon
History

Mon, 13 Jan 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: zte

Published:

Updated: 2025-01-13T20:39:36.919Z

Reserved: 2022-08-31T00:00:00

Link: CVE-2022-39074

cve-icon Vulnrichment

Updated: 2024-08-03T11:10:32.571Z

cve-icon NVD

Status : Modified

Published: 2023-05-30T23:15:09.393

Modified: 2025-01-13T21:15:10.137

Link: CVE-2022-39074

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses