CVE-2022-23139

8.8 HIGH

📋 TL;DR

ZTE's ZXMP M721 reports SFTP folder permissions incorrectly: directories are displayed as 666 (rw-rw-rw-) instead of their actual, more restrictive permissions, which can let a low-privilege SFTP user reach critical files that should be inaccessible. It affects organizations running ZTE's ZXMP M721 networking equipment. The discrepancy between displayed and actual permissions could lead to privilege escalation.

💻 Affected Systems

Products:
  • ZTE ZXMP M721
Versions: Specific versions not publicly detailed in references
Operating Systems: Embedded system (likely custom ZTE OS)
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the SFTP service's permission handling; exploitation requires authenticated SFTP access (a low-privilege account is enough).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative control over the networking device, enabling complete system compromise, data exfiltration, network disruption, or use as a pivot point for further attacks.

🟠

Likely Case

Unauthorized users access sensitive configuration files, modify network settings, or extract credentials, leading to partial system compromise.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to unauthorized viewing of files, not modification of them.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid low-privilege SFTP credentials; the attacker then needs to locate the directories whose permissions are misreported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444

Restart Required: Yes

Instructions:

1. Contact ZTE support for the specific patch.
2. Apply the firmware update per vendor instructions.
3. Restart the device to activate the fix.
4. Verify that SFTP-reported permissions match the actual permissions.

🔧 Temporary Workarounds

Restrict SFTP Access

all

Limit SFTP access to only necessary administrative users and disable for standard users.

# Configure via ZTE management interface - no universal CLI command

Manual Permission Verification

linux

Regularly audit actual file permissions versus SFTP-reported permissions on critical directories.

# On the device shell (where available), record the actual modes of the directory:
ls -la /critical/path
# Then, in an SFTP session as a low-privilege account, record what the service reports:
sftp <low-privilege-user>@<device>
sftp> ls -l /critical/path
# Compare the two listings: a directory the shell shows as restrictive but SFTP shows as 666 (rw-rw-rw-) is being misreported

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate ZXMP M721 devices from untrusted networks.
  • Enhance monitoring of SFTP access logs for unusual file access patterns by low-privilege accounts.

🔍 How to Verify

Check if Vulnerable:

Connect via SFTP with a low-privilege account and list the critical directories; if a folder is shown as 666 (rw-rw-rw-) while the device's actual permissions on it are more restrictive, the device is vulnerable.

Check Version:

# Check via ZTE management interface or console; no universal command available

Verify Fix Applied:

After patching, verify SFTP-reported permissions match actual file system permissions on critical directories.
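To make the comparison called for in the Manual Permission Verification workaround and in the checks above mechanical, here is an added example (not ZTE's code and not part of the advisory). It parses an `ls -l` style listing copied from an SFTP client session and one copied from the device shell for the same directory, converts the symbolic modes to octal (including setuid/setgid/sticky), and reports every entry whose reported mode differs from its actual mode, that is actually world-writable, or that appears in only one of the two views. The two listings embedded in it are constructed, and the directory names are assumptions.

```python
"""Audit SFTP-reported directory modes against the device's actual modes.

Feed it two `ls -l` style listings of the same directory: one copied from an
SFTP client session (what the service reports) and one from the device shell
(what the filesystem actually holds). Every entry whose reported mode differs
from its actual mode, or that is actually world-writable, becomes a finding.
"""
import re

# One `ls -l` line: type char, 9 permission chars, optional ACL/SELinux marker,
# link count, owner, group, size, three date/time fields, then the name.
LS_LINE = re.compile(
    r"^(?P<type>[-dlcbps])(?P<perm>[rwxsStT-]{9})[.+@]?"
    r"\s+\d+\s+\S+\s+\S+\s+\d+\s+\S+\s+\S+\s+\S+\s+(?P<name>.+)$"
)


def symbolic_to_octal(perm: str) -> int:
    """Convert a 9-character symbolic mode such as 'rwxr-x---' to 0o750.

    's'/'S' in the execute slot of the owner or group triple adds setuid/setgid,
    't'/'T' in the last slot adds the sticky bit; the lowercase form also sets execute.
    """
    if len(perm) != 9:
        raise ValueError(f"expected 9 permission characters, got {perm!r}")
    mode = 0
    for i, ch in enumerate(perm):
        bit = 1 << (8 - i)  # 0o400 for position 0 down to 0o001 for position 8
        if ch == "-":
            continue
        if ch in "rwx":
            mode |= bit
        elif ch in "sS" and i in (2, 5):
            mode |= 0o4000 if i == 2 else 0o2000
            if ch == "s":
                mode |= bit
        elif ch in "tT" and i == 8:
            mode |= 0o1000
            if ch == "t":
                mode |= bit
        else:
            raise ValueError(f"unexpected {ch!r} at position {i} in {perm!r}")
    return mode


def parse_listing(text: str) -> dict:
    """Map entry name -> (type char, numeric mode); 'total N' and blank lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = LS_LINE.match(line.strip())
        if m:
            entries[m["name"]] = (m["type"], symbolic_to_octal(m["perm"]))
    return entries


def audit(sftp_listing: str, shell_listing: str) -> list:
    """Return findings for entries whose SFTP-reported mode is wrong or dangerous."""
    reported = parse_listing(sftp_listing)
    actual = parse_listing(shell_listing)
    findings = []
    for name in sorted(set(reported) | set(actual)):
        flags = []
        if name not in reported:
            flags.append("only_in_shell_view")
        elif name not in actual:
            flags.append("only_in_sftp_view")
        else:
            r_mode, a_mode = reported[name][1], actual[name][1]
            if r_mode != a_mode:
                flags.append("mismatch")
            if a_mode & 0o002:
                flags.append("world_writable")
        if flags:
            findings.append({
                "name": name,
                "reported": f"{reported[name][1]:o}" if name in reported else None,
                "actual": f"{actual[name][1]:o}" if name in actual else None,
                "flags": flags,
            })
    return findings


# Constructed sample listings (not captured from a real device). The SFTP view
# shows the two sensitive directories as 666 while the shell shows their real modes.
SFTP_VIEW = """
drw-rw-rw-    1 root     root         4096 Jan 10 12:00 config
drw-rw-rw-    1 root     root         4096 Jan 10 12:00 keys
drwxrwxrwx    1 root     root         4096 Jan 10 12:00 tmp
-rw-r--r--    1 root     root          812 Jan 10 12:00 version.txt
"""

SHELL_VIEW = """
total 16
drwxr-x---    2 root     root         4096 Jan 10 12:00 config
drwx------    2 root     root         4096 Jan 10 12:00 keys
drwxrwxrwx    2 root     root         4096 Jan 10 12:00 tmp
-rw-r--r--    1 root     root          812 Jan 10 12:00 version.txt
"""

if __name__ == "__main__":
    for f in audit(SFTP_VIEW, SHELL_VIEW):
        print(f"{f['name']:<12} reported={f['reported']} actual={f['actual']} {','.join(f['flags'])}")
```

Run it before and after the firmware update with the listings taken from the same directory: on a vulnerable device the sensitive directories come back flagged `mismatch` with a reported mode of 666; after the fix the only findings left should be entries that are genuinely world-writable, which deserve a look on their own.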

📡 Detection & Monitoring

Log Indicators:

  • Unusual SFTP access to sensitive directories by low-privilege users
  • Modification timestamps on critical config files that do not correspond to an authorized change

Network Indicators:

  • SFTP connections from unexpected IP addresses
  • Increased SFTP traffic to device

SIEM Query:

# Splunk-style pseudo-query: replace "low_privilege_user" with your non-administrative SFTP accounts
# (or exclude the administrative ones) and "/critical/*" with the device's sensitive directories
source="zte_logs" AND (event="sftp_access" AND user="low_privilege_user" AND path="/critical/*")
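The SIEM query above is a pseudo-query with placeholder account and path names. As an added example (not the advisory's own and not ZTE's code), the following Python implements the same indicators, plus the source-address indicator from the network list, over raw log lines. It assumes the device, or a jump host in front of it, logs SFTP activity in the OpenSSH sftp-server format at LogLevel INFO (session opened/closed lines and open/opendir lines); that format is an assumption about the environment, not something the advisory states. File operations are tied to the session's user and source address through the server PID, sessions from addresses outside a trusted management set are flagged, and non-administrative accounts reading or writing under the critical directories are flagged, with writes called out separately. The sample log, account names, addresses and paths are constructed.

```python
"""Flag suspicious SFTP activity against a ZXMP M721-style device from its logs.

Assumes OpenSSH sftp-server style syslog lines at LogLevel INFO. Whether the
ZXMP M721 (or a jump host in front of it) logs in this format is an assumption
made for this example, not something the advisory states.
"""
import re

SESSION = re.compile(
    r"sftp-server\[(?P<pid>\d+)\]: session (?P<state>opened|closed) for local user "
    r"(?P<user>\S+) from \[(?P<src>[^\]]+)\]"
)
FILE_OP = re.compile(
    r'sftp-server\[(?P<pid>\d+)\]: (?P<op>open|opendir) "(?P<path>[^"]+)"'
    r"(?: flags (?P<flags>\S+))?"
)


def in_critical_tree(path: str, critical_dirs) -> bool:
    """True if path is one of the critical directories or lies beneath one."""
    return any(path == d or path.startswith(d + "/") for d in critical_dirs)


def detect(log_text: str, admin_users, critical_dirs, trusted_sources) -> list:
    """Return alerts; file operations are tied to a user and source via the server PID."""
    sessions = {}  # pid -> (user, src) for sessions currently open
    alerts = []
    for line in log_text.splitlines():
        m = SESSION.search(line)
        if m:
            if m["state"] == "opened":
                sessions[m["pid"]] = (m["user"], m["src"])
                if m["src"] not in trusted_sources:
                    alerts.append({"kind": "untrusted_source", "user": m["user"],
                                   "src": m["src"], "path": None})
            else:
                sessions.pop(m["pid"], None)
            continue
        m = FILE_OP.search(line)
        if not m or m["pid"] not in sessions:
            continue  # not a file operation, or no session-open line seen for this PID
        user, src = sessions[m["pid"]]
        if user in admin_users or not in_critical_tree(m["path"], critical_dirs):
            continue
        flags = (m["flags"] or "").split(",")
        kind = "low_priv_critical_write" if "WRITE" in flags else "low_priv_critical_access"
        alerts.append({"kind": kind, "user": user, "src": src, "path": m["path"]})
    return alerts


# Constructed sample log. The admin session from the management host is benign;
# the "operator" session comes from an unexpected address and reads, then
# overwrites, files under /config.
SAMPLE_LOG = """\
Jan 10 12:00:01 zxmp sftp-server[4101]: session opened for local user admin from [10.0.0.5]
Jan 10 12:00:02 zxmp sftp-server[4101]: open "/config/running.cfg" flags READ mode 0666
Jan 10 12:00:03 zxmp sftp-server[4101]: session closed for local user admin from [10.0.0.5]
Jan 10 12:05:10 zxmp sftp-server[4188]: session opened for local user operator from [192.0.2.44]
Jan 10 12:05:11 zxmp sftp-server[4188]: opendir "/config"
Jan 10 12:05:12 zxmp sftp-server[4188]: open "/config/running.cfg" flags READ mode 0666
Jan 10 12:05:15 zxmp sftp-server[4188]: open "/config/users.db" flags WRITE,CREATE,TRUNCATE mode 0644
Jan 10 12:05:20 zxmp sftp-server[4188]: session closed for local user operator from [192.0.2.44]
"""

ADMIN_USERS = {"admin"}                 # assumed administrative accounts
CRITICAL_DIRS = ("/config", "/keys")    # assumed sensitive paths on the device
TRUSTED_SOURCES = {"10.0.0.5"}          # assumed management host

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG, ADMIN_USERS, CRITICAL_DIRS, TRUSTED_SOURCES):
        print(a)
```

Correlating on the PID matters because the open/opendir lines carry no user name; without the session-open line the same path access cannot be attributed, which is why operations for a PID with no recorded session are skipped rather than guessed at.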
