VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 16, 2018· Updated Aug 5, 2024

CVE-2018-7361

CVE-2018-7361

Description

A null pointer dereference in the appviahttp service of ZTE ZXHN F670 V1.0 devices (up to V1.1.10P3T18) allows an adjacent unauthenticated attacker to cause a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A null pointer dereference in the appviahttp service of ZTE ZXHN F670 V1.0 devices (up to V1.1.10P3T18) allows an adjacent unauthenticated attacker to cause a denial of service.

Vulnerability

A null pointer dereference vulnerability exists in the appviahttp service of ZTE ZXHN F670 V1.0 devices running firmware versions up to V1.1.10P3T18. The flaw is triggered when the service processes specially crafted requests, leading to a crash. No authentication is required to reach the vulnerable code path [1].

Exploitation

An attacker must be on the same network segment (adjacent) as the targeted device to send network requests to the appviahttp service. The attack complexity is low, requires no privileges, and no user interaction. By sending a malicious request, the attacker causes the service to dereference a null pointer, resulting in a denial of service condition [1].

Impact

Successful exploitation causes the appviahttp service to crash, resulting in a denial of service. The impact is limited to availability; there is no impact on confidentiality or integrity. The CVSS v3.0 base score is 6.5 (Medium) with the vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [1].

Mitigation

ZTE has released firmware version V1.1.10P3T22 to address the vulnerability in ZXHN F670 V1.0 devices. Users should upgrade to this fixed version or later. No workarounds are documented. Affected devices running versions prior to V1.1.10P3T18 should be updated immediately [1].

References
  1. Security Bulletin Details

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Zte/ZXHN F670llm-create2 versions
    <= V1.1.10P3T18+ 1 more
    • (no CPE)range: <= V1.1.10P3T18
    • (no CPE)range: unspecified

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.