Lucene search

ZteCVELIST:CVE-2023-25644

HistoryDec 14, 2023 - 8:04 a.m.

CVE-2023-25644 Denial of Service Vulnerability in Some ZTE Mobile Internet Products

2023-12-1408:04:26

CWE-755

zte

www.cve.org

cve-2023-25644

denial of service

zte

mobile internet

insufficient validation

web interface parameter

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "MC801A",
    "vendor": "ZTE",
    "versions": [
      {
        "lessThanOrEqual": "B19",
        "status": "affected",
        "version": "MC801A_Elisa3_B19",
        "versionType": "B19"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "MC801A1",
    "vendor": "ZTE",
    "versions": [
      {
        "lessThanOrEqual": "B04",
        "status": "affected",
        "version": "MC801A1_Elisa1_B04",
        "versionType": "B04"
      }
    ]
  }
]

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032624

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-25644