CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25649 – OS Command Injection Vulnerability in a Mobile Internet Product of ZTE
https://notcve.org/view.php?id=CVE-2023-25649
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. Existe una vulnerabilidad de inyección de comandos en un producto de Internet móvil de ZTE. Debido a la insuficiente validación del parámetro de interfaz SET_DEVICE_LED, un atacante autenticado podría utilizar la vulnerabilidad para ejecutar comandos arbitrarios. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ZTE MF286R routers. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032544 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 0CVE-2022-39071
https://notcve.org/view.php?id=CVE-2022-39071
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664 •
CVSS: 3.3EPSS: 0%CPEs: 34EXPL: 0CVE-2022-39074
https://notcve.org/view.php?id=CVE-2022-39074
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664 •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 0CVE-2022-39075
https://notcve.org/view.php?id=CVE-2022-39075
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-39073
https://notcve.org/view.php?id=CVE-2022-39073
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. Existe una vulnerabilidad de inyección de comandos en ZTE MF286R. Debido a una validación insuficiente de los parámetros de entrada, un atacante podría utilizar la vulnerabilidad para ejecutar comandos arbitrarios. • https://github.com/v0lp3/CVE-2022-39073 https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028664 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •