VYPR

MF286R

by Zte

CVEs (4)

  • CVE-2022-39066Nov 22, 2022
    risk 0.04cvss epss 0.27

    There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.

  • CVE-2022-39073Jan 6, 2023
    risk 0.01cvss epss 0.03

    There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.

  • CVE-2023-25649Aug 25, 2023
    risk 0.00cvss epss 0.02

    There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

  • CVE-2022-39067Nov 22, 2022
    risk 0.00cvss epss 0.01

    There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.