{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-26708", "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "state": "PUBLISHED", "assignerShortName": "zte", "dateReserved": "2025-02-14T06:13:41.900Z", "datePublished": "2025-03-07T02:38:37.127Z", "dateUpdated": "2025-03-17T06:57:56.825Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ZTE Link", "vendor": "ZTE", "versions": [{"lessThanOrEqual": "5.4.9", "status": "affected", "version": "5.4.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service.</p>"}], "value": "There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service."}], "impacts": [{"capecId": "CAPEC-629", "descriptions": [{"lang": "en", "value": "CAPEC-629 Unauthorized Use of Device Resources"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte", "dateUpdated": "2025-03-17T06:57:56.825Z"}, "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5666152569221570580"}], "source": {"discovery": "UNKNOWN"}, "title": "ZTELink has a configuration defect vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T19:45:06.051727Z", "id": "CVE-2025-26708", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T19:45:15.470Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-26708", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T19:45:06.051727Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T19:45:11.770Z"}}], "cna": {"title": "ZTELink has a configuration defect vulnerability", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-629", "descriptions": [{"lang": "en", "value": "CAPEC-629 Unauthorized Use of Device Resources"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ZTE", "product": "ZTE Link", "versions": [{"status": "affected", "version": "5.4.0", "versionType": "custom", "lessThanOrEqual": "5.4.9"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5666152569221570580"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service.", "supportingMedia": [{"type": "text/html", "value": "<p>There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"}]}], "providerMetadata": {"orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte", "dateUpdated": "2025-03-17T06:57:56.825Z"}}}, "cveMetadata": {"cveId": "CVE-2025-26708", "state": "PUBLISHED", "dateUpdated": "2025-03-17T06:57:56.825Z", "dateReserved": "2025-02-14T06:13:41.900Z", "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "datePublished": "2025-03-07T02:38:37.127Z", "assignerShortName": "zte"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service."}, {"lang": "es", "value": "Existe una vulnerabilidad de defecto de configuraci\u00f3n en ZTELink 5.4.9 para iOS. Esta vulnerabilidad es causada por un fallo en la configuraci\u00f3n de los par\u00e1metros WiFi de ZTELink. Un atacante puede obtener acceso no autorizado al servicio WiFi."}], "id": "CVE-2025-26708", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 3.6, "source": "psirt@zte.com.cn", "type": "Secondary"}]}, "published": "2025-03-07T03:15:33.307", "references": [{"source": "psirt@zte.com.cn", "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5666152569221570580"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "psirt@zte.com.cn", "type": "Secondary"}]}

{}

{}