There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
References
Link | Resource |
---|---|
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027744 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
30 Nov 2022, 13:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:zte:mf286r_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zte:mf286r:-:*:*:*:*:*:*:* |
|
References | (MISC) https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027744 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Zte mf286r
Zte mf286r Firmware Zte |
|
CWE | CWE-89 |
22 Nov 2022, 19:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-22 17:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-39066
Mitre link : CVE-2022-39066
CVE.ORG link : CVE-2022-39066
JSON object : View
Products Affected
zte
- mf286r_firmware
- mf286r
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')