- EPSS 0.04%
- Veröffentlicht 14.12.2023 07:15:08
- Zuletzt bearbeitet 21.11.2024 07:49:52
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak. ...
CVE-2023-25649
- EPSS 0.14%
- Veröffentlicht 25.08.2023 10:15:08
- Zuletzt bearbeitet 21.11.2024 07:49:52
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
CVE-2022-39072
- EPSS 0.3%
- Veröffentlicht 06.01.2023 19:15:09
- Zuletzt bearbeitet 10.04.2025 14:15:22
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
CVE-2022-39073
- EPSS 12.02%
- Veröffentlicht 06.01.2023 19:15:09
- Zuletzt bearbeitet 10.04.2025 14:15:22
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
CVE-2022-39066
- EPSS 71.5%
- Veröffentlicht 22.11.2022 17:15:10
- Zuletzt bearbeitet 29.04.2025 05:15:42
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
CVE-2022-39067
- EPSS 0.32%
- Veröffentlicht 22.11.2022 17:15:10
- Zuletzt bearbeitet 29.04.2025 05:15:42
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.