Lucene search
ZteCVELIST:CVE-2023-25643HistoryDec 14, 2023 - 7:19 a.m.
CVE-2023-25643 Two Vulnerabilities in Some ZTE Mobile Internet Products
2023-12-1407:19:08
CWE-77
zte
www.cve.org
8
cve-2023-25643
vulnerabilities
zte
mobile internet
command injection
authentication
arbitrary commands
CVSS3
8.4
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.001
Percentile
18.7%
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "MC801A",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "B19",
"status": "affected",
"version": "MC801A_Elisa3_B19",
"versionType": "B19"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "MC801A1",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "B04",
"status": "affected",
"version": "MC801A1_Elisa1_B04",
"versionType": "B04"
}
]
}
]Related
nvd
nvd
CVE-2023-25643
2023-12-14 08:15:38
cnvd
cnvd
ZTE MC801A Command Injection Vulnerability
2023-12-18 00:00:00
cve
cve
CVE-2023-25643
2023-12-14 08:15:38
vulnrichment
vulnrichment
CVE-2023-25643 Two Vulnerabilities in Some ZTE Mobile Internet Products
2023-12-14 07:19:08
prion
prion
Command injection
2023-12-14 08:15:00
CVSS3
8.4
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.001
Percentile
18.7%
Related for CVELIST:CVE-2023-25643