There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Zte
  • Axon 40 Ultra
  • Axon 40 Ultra Firmware
  • Blade A31
  • Blade A31 Firmware
  • Blade A31 Plus
  • Blade A31 Plus Firmware
  • Blade A3 Lite
  • Blade A3 Lite Firmware
  • Blade A51
  • Blade A51 Firmware
  • Blade A52
  • Blade A52 Firmware
  • Blade A5 2019
  • Blade A5 2019 Firmware
  • Blade A5 2020
  • Blade A5 2020 Firmware
  • Blade A71
  • Blade A71 Firmware
  • Blade A72
  • Blade A72 Firmware
  • Blade A7s
  • Blade A7s Firmware
  • Blade L210
  • Blade L210 Firmware
  • Blade V20 Smart
  • Blade V20 Smart Firmware
  • Blade V30
  • Blade V30 Firmware
  • Blade V30 Vita
  • Blade V30 Vita Firmware
  • Blade V40 Vita
  • Blade V40 Vita Firmware
  • V40 Pro
  • V40 Pro Firmware

Configuration 1 [-]

AND
cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a52:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a51:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a3_lite:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a5_2020:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_l210:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a7s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a31:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a31_plus:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a5_2019:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a71:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_a72:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_v20_smart:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_v30:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_v30_vita:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:v40_pro:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:blade_v40_vita:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:axon_40_ultra:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664 cve-icon cve-icon
History

Mon, 13 Jan 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: zte

Published:

Updated: 2025-01-13T20:39:36.919Z

Reserved: 2022-08-31T00:00:00

Link: CVE-2022-39074

cve-icon Vulnrichment

Updated: 2024-08-03T11:10:32.571Z

cve-icon NVD

Status : Modified

Published: 2023-05-30T23:15:09.393

Modified: 2025-01-13T21:15:10.137

Link: CVE-2022-39074

cve-icon Redhat

No data.