Abstract Advisory Information
The device allows the administrator to lock some communication channel like Wi-Fi, Bluetooth, NFC or SD card, but it is still possible to use the Ethernet cable without restriction.
Author: Valentin Giannini & Alexandre Guldner
Name: Zebra Enterprise Home Screen
Common Vulnerability Scoring System
Vulnerability Disclosure Timeline
- 12/05/2022: Vulnerability discovery.
- 12/05/2022: Vulnerability Report to CERT-XLM.
- 13/05/2022: Vulnerability Report to Vendor through Bug bounty platform.
- 16/05/2022: Acknowledge from the vendor regarding 1st vulnerability.
- 24/06/2022: Vulnerability Report to Zebra Tech Support EMEA.
- 27/06/2022: Acknowledge from Zebra Tech Support EMEA.
- 08/07/2022: Update asked to vendor.
- 08/07/2022: Acknowledge from the vendor but the same answer.
- 22/07/2022: Request CVE ID to Mitre.
- 25/07/2022: CVE IDs assigned: CVE-2022-36443
- 05/08/2022: Second acknowledge from vendor with ticket number: 12763250
- 12/08/2022: Vendor claimed vulnerabilities are not worth fixing.
- 30/11/2022: Vulnerability disclosure