Lucene search

ZteVULNRICHMENT:CVE-2022-39068

HistorySep 18, 2024 - 1:57 a.m.

CVE-2022-39068 Buffer Overflow Vulnerability in ZTE MF296R

2024-09-1801:57:54

CWE-122

zte

github.com

buffer overflow

zte mf296r

validation

sms parameter

denial of service

CVSS3

4.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

Percentile

14.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack.

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028984

CVSS3

4.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

Percentile

14.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2022-39068