CVE-2023-25651
SQL Injection Vulnerability in Some ZTE Mobile Internet Products
Severity Score
8.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of the SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause an information leak.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-02-09 CVE Reserved
- 2023-12-14 CVE Published
- 2023-12-20 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
- CAPEC-66: SQL Injection
References (1)
URL | Date | SRC |
---|---|---|
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684 | 2023-12-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Zte | Mf833u1 Firmware | bd_mf833u1v1.0.0b01 | - | Affected | in | Zte | Mf833u1 | - | - | Safe |
Zte | Mf286r Firmware | cr_lvwrgbmf286rv1.0.0b04 | - | Affected | in | Zte | Mf286r | - | - | Safe |