CVE-2023-25649
published 2023-08-25
CVE-2023-25649: There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an…
Priority P3 · 58 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.58% (72.4th percentile)
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zte | mf286r | — | — |
| zte | mf286r_firmware | — | — |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_oracle · 7.5 · HIGH
GHSA
GHSA-g68x-2w79-87x5: There is a command injection vulnerability in a mobile internet product of ZTE
ghsa_unreviewed·2023-08-25
CVE-2023-25649 [HIGH] CWE-77 GHSA-g68x-2w79-87x5: There is a command injection vulnerability in a mobile internet product of ZTE
Oracle
Oracle Oracle Insurance Applications Risk Matrix: Logger (jackson-databind) — CVE-2020-25649
vendor_oracle·2023-04-15·CVSS 7.5
CVE-2020-25649 [HIGH] Oracle Oracle Insurance Applications Risk Matrix: Logger (jackson-databind) — CVE-2020-25649
Oracle Oracle Insurance Applications Risk Matrix: Logger (jackson-databind) vulnerability
CVE: CVE-2020-25649
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-08-25