Lucene search

ZteCVELIST:CVE-2022-39068

HistorySep 18, 2024 - 1:57 a.m.

CVE-2022-39068 Buffer Overflow Vulnerability in ZTE MF296R

2024-09-1801:57:54

CWE-122

zte

www.cve.org

buffer overflow

zte mf296r

insufficient validation

denial of service

CVSS3

4.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

14.1%

JSON

There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "ARM"
    ],
    "product": "MF296R",
    "vendor": "ZTE",
    "versions": [
      {
        "status": "affected",
        "version": "MF296R_Nordic1_B06"
      }
    ]
  }
]

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028984

CVSS3

4.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

14.1%

JSON

Related for CVELIST:CVE-2022-39068