Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Mf286R Firmware Security Vulnerabilities - 2023

cve
cve

CVE-2022-39072

There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.

5.4CVSS

5.6AI Score

0.001EPSS

2023-01-06 07:15 PM
31
cve
cve

CVE-2022-39073

There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.

9.8CVSS

9.7AI Score

0.001EPSS

2023-01-06 07:15 PM
47
cve
cve

CVE-2023-25649

There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

8.8CVSS

8.8AI Score

0.001EPSS

2023-08-25 10:15 AM
26
cve
cve

CVE-2023-25651

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.

8CVSS

7.9AI Score

0.0004EPSS

2023-12-14 07:15 AM
14