There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
5.4CVSS
5.6AI Score
0.001EPSS
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
9.8CVSS
9.7AI Score
0.001EPSS
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
8.8CVSS
8.8AI Score
0.001EPSS
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
8CVSS
7.9AI Score
0.0004EPSS