Lucene search
HistoryDec 14, 2023 - 8:15 a.m.
CVE-2023-25644
cve-2023-25644
zte
denial of service
vulnerability
internet products
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.0005 Low
EPSS
Percentile
17.0%
There is a denial of service vulnerability in some ZTEΒ mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.
Affected configurations
Node
ztemc801aMatch-
ztemc801a_firmwareMatchmc801a_elisa3_b19
Node
ztemc801a1Match-
ztemc801a1_firmwareMatchmc801a1_elisa1_b04
| CPE | Name | Operator | Version |
|---|---|---|---|
| zte:mc801a_firmware | zte mc801a firmware | eq | mc801a_elisa3_b19 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "MC801A",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "B19",
"status": "affected",
"version": "MC801A_Elisa3_B19",
"versionType": "B19"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "MC801A1",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "B04",
"status": "affected",
"version": "MC801A1_Elisa1_B04",
"versionType": "B04"
}
]
}
]Related
cnvd
cnvd
ZTE MC801A and MC801A1 Web Interface Buffer Overflow Vulnerability
2023-12-18 00:00:00
cvelist
cvelist
prion
prion
Input validation
2023-12-14 08:15:00
nvd
nvd
CVE-2023-25644
2023-12-14 08:15:38
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.0005 Low
EPSS
Percentile
17.0%
Related for CVE-2023-25644