CVE-2018-7355

ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting

  • Severity Score: 6.1 (CVSS v3)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by a cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.

Versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 have been impacted by a Cross-Site Scripting (XSS) vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected Cross-Site Scripting (XSS) or HTML injection attacks on the devices.

ZTE MF65 BD_HDV6MF65V1.0.0B05 suffers from a cross-site scripting vulnerability.

*Credits: N/A

CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System

SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario

Timeline
  • 2018-02-22 CVE Reserved
  • 2018-09-26 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Zte | Mf65 Firmware | <= 1.0.0b05 | - | Affected
in Zte | Mf65 | -- | | Safe
Zte | Mf65m1 Firmware | <= 1.0.0b02 | - | Affected
in Zte | Mf65m1 | -- | | Safe