There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
References
Link | Resource |
---|---|
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684 | Vendor Advisory |
Configurations
History
19 Dec 2023, 18:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zte mf833u1 Firmware
Zte mf286r Firmware Zte mf833u1 Zte Zte mf286r |
|
CPE | cpe:2.3:o:zte:mf833u1_firmware:bd_mf833u1v1.0.0b01:*:*:*:*:*:*:* cpe:2.3:h:zte:mf286r:-:*:*:*:*:*:*:* cpe:2.3:o:zte:mf286r_firmware:cr_lvwrgbmf286rv1.0.0b04:*:*:*:*:*:*:* cpe:2.3:h:zte:mf833u1:-:*:*:*:*:*:*:* |
|
CWE | CWE-89 | |
References | () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684 - Vendor Advisory | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
14 Dec 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-14 07:15
Updated : 2023-12-19 18:46
NVD link : CVE-2023-25651
Mitre link : CVE-2023-25651
CVE.ORG link : CVE-2023-25651
JSON object : View
Products Affected
zte
- mf286r
- mf833u1
- mf833u1_firmware
- mf286r_firmware