{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2397", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-17T07:01:36.512Z", "datePublished": "2025-03-17T21:00:11.859Z", "dateUpdated": "2025-03-18T14:25:59.502Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-17T21:00:11.859Z"}, "title": "China Mobile P22g-CIac Telnet Service improper authorization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-285", "lang": "en", "description": "Improper Authorization"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "China Mobile", "product": "P22g-CIac", "versions": [{"version": "20250305", "status": "affected"}], "modules": ["Telnet Service"]}, {"vendor": "China Mobile", "product": "ZXWT-MIG-P4G4V", "versions": [{"version": "20250305", "status": "affected"}], "modules": ["Telnet Service"]}, {"vendor": "China Mobile", "product": "ZXWT-MIG-P8G8V", "versions": [{"version": "20250305", "status": "affected"}], "modules": ["Telnet Service"]}, {"vendor": "China Mobile", "product": "GT3200-4G4P", "versions": [{"version": "20250305", "status": "affected"}], "modules": ["Telnet Service"]}, {"vendor": "China Mobile", "product": "GT3200-8G8P", "versions": [{"version": "20250305", "status": "affected"}], "modules": ["Telnet Service"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been declared as problematic. This vulnerability affects unknown code of the component Telnet Service. The manipulation leads to improper authorization. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P bis 20250305 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Telnet Service. Durch die Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.2, "vectorString": "AV:A/AC:L/Au:M/C:N/I:P/A:N"}}], "timeline": [{"time": "2025-03-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-17T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-17T08:06:45.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "FizzL (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.299896", "name": "VDB-299896 | China Mobile P22g-CIac Telnet Service improper authorization", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.299896", "name": "VDB-299896 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.514957", "name": "Submit #514957 | China Mobile Internet of Things Enterprise Gateway GT3200-8G8P;GT3200-4G4P;ZXWT-MIG-P8G8V;ZXWT-MIG-P4G4V;P22g-CIac Execution of unauthorized command", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md", "tags": ["exploit"]}]}, "adp": [{"references": [{"url": "https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-18T14:25:55.658104Z", "id": "CVE-2025-2397", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T14:25:59.502Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2397", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-18T14:25:55.658104Z"}}}], "references": [{"url": "https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T14:25:49.807Z"}}], "cna": {"title": "China Mobile P22g-CIac Telnet Service improper authorization", "credits": [{"lang": "en", "type": "reporter", "value": "FizzL (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.2, "vectorString": "AV:A/AC:L/Au:M/C:N/I:P/A:N"}}], "affected": [{"vendor": "China Mobile", "modules": ["Telnet Service"], "product": "P22g-CIac", "versions": [{"status": "affected", "version": "20250305"}]}, {"vendor": "China Mobile", "modules": ["Telnet Service"], "product": "ZXWT-MIG-P4G4V", "versions": [{"status": "affected", "version": "20250305"}]}, {"vendor": "China Mobile", "modules": ["Telnet Service"], "product": "ZXWT-MIG-P8G8V", "versions": [{"status": "affected", "version": "20250305"}]}, {"vendor": "China Mobile", "modules": ["Telnet Service"], "product": "GT3200-4G4P", "versions": [{"status": "affected", "version": "20250305"}]}, {"vendor": "China Mobile", "modules": ["Telnet Service"], "product": "GT3200-8G8P", "versions": [{"status": "affected", "version": "20250305"}]}], "timeline": [{"lang": "en", "time": "2025-03-17T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-03-17T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-03-17T08:06:45.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.299896", "name": "VDB-299896 | China Mobile P22g-CIac Telnet Service improper authorization", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.299896", "name": "VDB-299896 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.514957", "name": "Submit #514957 | China Mobile Internet of Things Enterprise Gateway GT3200-8G8P;GT3200-4G4P;ZXWT-MIG-P8G8V;ZXWT-MIG-P4G4V;P22g-CIac Execution of unauthorized command", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been declared as problematic. This vulnerability affects unknown code of the component Telnet Service. The manipulation leads to improper authorization. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P bis 20250305 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Telnet Service. Durch die Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "Improper Authorization"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-17T21:00:11.859Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2397", "state": "PUBLISHED", "dateUpdated": "2025-03-18T14:25:59.502Z", "dateReserved": "2025-03-17T07:01:36.512Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-03-17T21:00:11.859Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been declared as problematic. This vulnerability affects unknown code of the component Telnet Service. The manipulation leads to improper authorization. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P y GT3200-8G8P hasta la versi\u00f3n 20250305. Se ha declarado problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del componente Telnet Service. La manipulaci\u00f3n da lugar a una autorizaci\u00f3n indebida. El ataque solo puede iniciarse dentro de la red local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."}], "id": "CVE-2025-2397", "lastModified": "2025-03-18T15:16:01.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 2.2, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:M/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-03-17T21:15:14.533", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.299896"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.299896"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.514957"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-285"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}