Buffer Overflow Vulnerability in Some ZTE Products

Initial Release Date:  November 21, 2022

 

Vulnerability ID

CVE ID: CVE-2022-39067

CNNVD ID: CNNVD-2022-33330902

 

CVSS 3.1 Base Score 

4.5 Medium

Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

 

Description 

There is a buffer overflow vulnerability in some ZTE products. Due to a lack of input validation on parameters of the Wi-Fi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.

 

Affected Products and Fixes

Product Name    Affected Version           Resolved Version
MF286R          Nordic_MF286R_B06          Nordic_MF286R_B07
MF289D          CR_TMOCZMF289DV1.0.0B07    CR_TMOCZMF289DV1.0.1B04

Acknowledgement

ZTE thanks Andrea Maugeri for paying attention to our products and cooperating with us to disclose vulnerabilities.

 

Update Records

November 21, 2022, initial.

December 25, 2022, updated affected products and fixes.

 

Version Update Method

A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
