|
Initial Release Date: November 21, 2022 Vulnerability ID CVE ID:CVE-2022-39067 CNNVD ID:CNNVD-2022-33330902 CVSS 3.1 Base Score 4.5 Medium(AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) Description There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. Affected Products and Fixes Product Name | Affected Version | Resolved Version | MF286R | Nordic_MF286R_B06 | Nordic_MF286R_B07 |
Acknowledgement ZTE thanks Andrea Maugeri for paying attention to our products and cooperating with us to disclose vulnerabilities. Update Records November 21, 2022, initial. Version Update Method A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information. Global Customer Support Center http://support.zte.com.cn/support/web/Contact.aspx?_langType=en ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|