All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other userβs password.
[
{
"product": "ZXR10 1800-2S",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "All versions prior to ZSRV2 V3.00.40"
}
]
}
]