A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.
[
{
"product": "ZXV10 W908",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before MIPS_A_1022IPV6R3T6P7Y20"
}
]
}
]