Lucene search
HistoryDec 14, 2023 - 8:15 a.m.
CVE-2023-25643
cve-2023-25643
command injection
zte
mobile internet
products
input validation
network parameters
authenticated attacker
arbitrary commands
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
18.7%
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Affected configurations
Node
ztemc801a_firmwareMatchmc801a_elisa3_b19
ztemc801aMatch-
Node
ztemc801a1_firmwareMatchmc801a1_elisa1_b04
ztemc801a1Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zte | mc801a_firmware | mc801a_elisa3_b19 | cpe:2.3:o:zte:mc801a_firmware:mc801a_elisa3_b19:*:*:*:*:*:*:* |
| zte | mc801a | - | cpe:2.3:h:zte:mc801a:-:*:*:*:*:*:*:* |
| zte | mc801a1_firmware | mc801a1_elisa1_b04 | cpe:2.3:o:zte:mc801a1_firmware:mc801a1_elisa1_b04:*:*:*:*:*:*:* |
| zte | mc801a1 | - | cpe:2.3:h:zte:mc801a1:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-25643 Two Vulnerabilities in Some ZTE Mobile Internet Products
2023-12-14 07:19:08
cve
cve
CVE-2023-25643
2023-12-14 08:15:38
cnvd
cnvd
ZTE MC801A Command Injection Vulnerability
2023-12-18 00:00:00
vulnrichment
vulnrichment
CVE-2023-25643 Two Vulnerabilities in Some ZTE Mobile Internet Products
2023-12-14 07:19:08
prion
prion
Command injection
2023-12-14 08:15:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
18.7%
Related for NVD:CVE-2023-25643