Lucene search

[email protected]NVD:CVE-2022-39068

HistorySep 18, 2024 - 2:15 a.m.

CVE-2022-39068

2024-09-1802:15:09

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

buffer overflow

zte mf296r

sms parameter

denial of service

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

14.1%

JSON

There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack.

Affected configurations

Nvd

Node

ztemf296r_firmwareMatchmf296r_nordic1_b06

AND

ztemf296rMatch-

VendorProductVersionCPE
ztemf296r_firmwaremf296r_nordic1_b06cpe:2.3:o:zte:mf296r_firmware:mf296r_nordic1_b06:*:*:*:*:*:*:*
ztemf296r-cpe:2.3:h:zte:mf296r:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zte	mf296r_firmware	mf296r_nordic1_b06	cpe:2.3:o:zte:mf296r_firmware:mf296r_nordic1_b06:::::::*
zte	mf296r	-	cpe:2.3:h:zte:mf296r:-:::::::*

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028984

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

14.1%

JSON

Related for NVD:CVE-2022-39068

vulnrichment1 cvelist1 cve1