Mf286r Firmware Security Vulnerabilities and Issues — Mf286r Firmware CVE List

Lucene search

ZteMf286r Firmware

6 matches found

CVE•added 2023/01/06 7:15 p.m.•68 views

CVE-2022-39073

There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.

9.8CVSS9.7AI score0.12503EPSS

CVE•added 2022/11/22 5:15 p.m.•56 views

CVE-2022-39066

There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.

8.8CVSS9AI score0.69963EPSS

CVE•added 2023/01/06 7:15 p.m.•47 views

CVE-2022-39072

There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.

5.4CVSS5.6AI score0.00243EPSS

CVE•added 2022/11/22 5:15 p.m.•45 views

CVE-2022-39067

There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.

6.5CVSS6.5AI score0.00203EPSS

CVE•added 2023/08/25 10:15 a.m.•42 views

CVE-2023-25649

There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

8.8CVSS8AI score0.00142EPSS

CVE•added 2023/12/14 7:15 a.m.•23 views

CVE-2023-25651

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.

8CVSS6.4AI score0.00044EPSS