Is CVE-2017-10931 actively exploited?

CVE-2017-10931 has no public evidence of in-the-wild exploitation as of 2025-04-20.

What is the CVSS score for CVE-2017-10931?

CVE-2017-10931 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

How do I patch CVE-2017-10931?

Patch guidance is available from zte security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2017-10931.

Fix CVE-2017-10931 - HIGH zte zxr10 1800-2s firmware

Q: Which products are affected by CVE-2017-10931?

4 products: zte zxr10 1800-2s firmware, zte zxr10 2800-4 firmware, zte zxr10 3800-8 firmware, zte zxr10 160 firmware.

Description

The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-22 · Path Traversal

Metadata

Primary Vendor: ZTE
Published: 9/19/2017
Last Modified: 4/20/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

zte : zxr10_1800-2s_firmwarezte : zxr10_2800-4_firmwarezte : zxr10_3800-8_firmwarezte : zxr10_160_firmware

Remediation Guidance

Executive Summary

View on NIST NVD