Zte Mf286R Firmware vulnerabilities
6 known vulnerabilities affecting zte/mf286r_firmware.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH3MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-25651P2HIGHCVSS 8.0Exploitedvcr_lvwrgbmf286rv1.0.0b042023-12-14
CVE-2023-25651 [HIGH] CWE-20 CVE-2023-25651: There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient in
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
nvd
CVE-2022-39066P2HIGHCVSS 8.8fixed in mf286r_b07vNordic_MF286R_B062022-11-22
CVE-2022-39066 [HIGH] CWE-89 CVE-2022-39066: There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input pa
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
nvd
CVE-2022-39073P2CRITICALCVSS 9.8vnordic_mf286r_b06vNordic_MF286R_B06,2023-01-06
CVE-2022-39073 [CRITICAL] CWE-77 CVE-2022-39073: There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the inpu
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
nvd
CVE-2023-25649P3HIGHCVSS 8.8vcr_lvwrgbmf286rv1.0.0b042023-08-25
CVE-2023-25649 [HIGH] CWE-77 CVE-2023-25649: There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
nvd
CVE-2022-39067P4MEDIUMCVSS 6.5fixed in mf286r_b07vNordic_MF286R_B062022-11-22
CVE-2022-39067 [MEDIUM] CWE-120 CVE-2022-39067: There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameter
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.
nvd
CVE-2022-39072P4MEDIUMCVSS 5.4vnordic_mf286r_b062023-01-06
CVE-2022-39072 [MEDIUM] CWE-89 CVE-2022-39072: There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient val
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
nvd