VYPR
Unrated severityNVD Advisory· Published Oct 29, 2024· Updated Oct 29, 2024

ZTE MF258 Pro product has a OS Command injection vulnerability

CVE-2024-22065

Description

There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

Affected products

2
  • Zte/MF258K Prollm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: ZTE_MF258PRO_STD_V1.0.0B03

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.