VYPR
Unrated severityNVD Advisory· Published Aug 25, 2023· Updated Oct 2, 2024

OS Command Injection Vulnerability in a Mobile Internet Product of ZTE

CVE-2023-25649

Description

There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • Zte/MF286Rcpe-rescue
    Range: CR_LVWRGBMF286RV1.0.0B04

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.