Denial of Service Vulnerability in Some ZTE Mobile Internet Products

Initial Release Date:  August 28, 2023

 

Vulnerability ID

CVE ID: CVE-2023-25644      CNNVD ID: CNNVD-2023-37755663

 

CVSS 3.1 Base Score 

6.5 Medium (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

 

Description 

There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.

.

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

MC801A

MC801A_Elisa3_B19

MC801A_Elisa3_B22

MC801A1

MC801A1_Elisa1_B04

MC801A1_Elisa1_B06

 

Acknowledgement

ZTE thanks Patrik Jokela (University of Jyväskylä) for paying attention to our products and cooperating with us to disclose vulnerabilities. 

 

Update Records

August 28, 2023, initial.

 

Version Update Method

A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html

[Close]