MF286R
by Zte
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-39066 | 0.04 | — | 0.27 | Nov 22, 2022 | There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection. | |||
| CVE-2022-39073 | 0.01 | — | 0.03 | Jan 6, 2023 | There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | |||
| CVE-2023-25649 | 0.00 | — | 0.02 | Aug 25, 2023 | There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. | |||
| CVE-2022-39067 | 0.00 | — | 0.01 | Nov 22, 2022 | There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. |
- CVE-2022-39066Nov 22, 2022risk 0.04cvss —epss 0.27
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
- CVE-2022-39073Jan 6, 2023risk 0.01cvss —epss 0.03
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
- CVE-2023-25649Aug 25, 2023risk 0.00cvss —epss 0.02
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
- CVE-2022-39067Nov 22, 2022risk 0.00cvss —epss 0.01
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.