CVE-2025-26708

{"id": "CVE-2025-26708", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@zte.com.cn", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.6}]}, "published": "2025-03-07T03:15:33.307", "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5666152569221570580", "source": "psirt@zte.com.cn"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@zte.com.cn", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service."}, {"lang": "es", "value": "Existe una vulnerabilidad de defecto de configuraci\u00f3n en ZTELink 5.4.9 para iOS. Esta vulnerabilidad es causada por un fallo en la configuraci\u00f3n de los par\u00e1metros WiFi de ZTELink. Un atacante puede obtener acceso no autorizado al servicio WiFi."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@zte.com.cn"}