Initial Release Date: November 21, 2022

Vulnerability ID
CVE ID: CVE-2022-39066
CNNVD ID: CNNVD-2022-74781288

CVSS 3.1 Base Score
4.3 Medium (AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)

Description
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.

Affected Products and Fixes
Product Name | Affected Version | Resolved Version |
MF286R | Nordic_MF286R_B06 | Nordic_MF286R_B07 |

Acknowledgement
ZTE thanks Andrea Maugeri for paying attention to our products and cooperating with us to disclose vulnerabilities.

Update Records
November 21, 2022, initial.

Version Update Method
A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information.

Global Customer Support Center
http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

ZTE PSIRT
https://www.zte.com.cn/global/cybersecurity/ztepsirt.html