CVE-2024-22063

7.6 HIGH

📋 TL;DR

ZTE ZENIC ONE R58 products contain a command injection vulnerability that allows authenticated attackers to execute arbitrary commands. This enables message tampering, malicious code injection, and potential attacks on connected devices. Organizations using these ZTE network management products are affected.

💻 Affected Systems

Products:
  • ZTE ZENIC ONE R58
Versions: All versions prior to patch
Operating Systems: Linux-based embedded OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the management interface

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing an attacker to pivot to connected network devices, deploy ransomware, exfiltrate sensitive network configuration data, or disrupt critical network operations.

🟠 Likely Case

Unauthorized command execution leading to data manipulation, service disruption, or deployment of backdoors for persistent access.

🟢 If Mitigated

Limited impact due to network segmentation, strong authentication controls, and monitoring preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access, but command injection is typically straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4522216612187627521

Restart Required: Yes

Instructions:

1. Contact ZTE support for patch availability
2. Back up configuration
3. Apply vendor-provided patch
4. Restart affected systems
5. Verify patch application

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate the ZENIC ONE management interface from untrusted networks

Access Control Restriction (applies to: all)

Limit authenticated access to only necessary administrative users

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems
  • Enforce multi-factor authentication and least privilege access controls

🔍 How to Verify

Check if Vulnerable:

Check system version against vendor advisory and verify if patch has been applied

Check Version:

Check via ZENIC ONE web interface or consult vendor documentation

Verify Fix Applied:

Verify patch version from vendor advisory is installed and test for command injection vectors

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns
  • Multiple failed authentication attempts followed by successful login
  • Unexpected system configuration changes

Network Indicators:

  • Unusual outbound connections from management interface
  • Anomalous traffic patterns to/from ZENIC ONE systems

SIEM Query:

source="zenic-one" AND (event_type="command_execution" OR event_type="configuration_change")
