CVE-2022-39074

Description

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.

3.3

CVSS

Severity: Low

CVSS 3.1 •

EPSS 0.04%

Vendor Advisory com.cn

Affected: n/a ZTE Blade A52, ZTE Blade A51, ZTE Blade A3 Lite, ZTE Blade A5 2020, ZTE Blade L210, ZTE Blade A7s, ZTE Blade A31, ZTE Blade A31 Plus, ZTE Blade A5 (2019), ZTE Blade A71, ZTE Blade A72, ZTE Blade V20 Smart, ZTE Blade V30, ZTE Blade V30 Vita, ZTE V40 Pro, ZTE Blade V40 Vita, ZTE Axon 40 Ultra

References

Link	Tags
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-39074?: CVE-2022-39074 has been scored as a low severity vulnerability.
How to fix CVE-2022-39074?: To fix CVE-2022-39074, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-39074 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-39074 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-39074?: CVE-2022-39074 affects n/a ZTE Blade A52, ZTE Blade A51, ZTE Blade A3 Lite, ZTE Blade A5 2020, ZTE Blade L210, ZTE Blade A7s, ZTE Blade A31, ZTE Blade A31 Plus, ZTE Blade A5 (2019), ZTE Blade A71, ZTE Blade A72, ZTE Blade V20 Smart, ZTE Blade V30, ZTE Blade V30 Vita, ZTE V40 Pro, ZTE Blade V40 Vita, ZTE Axon 40 Ultra.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.