Denial of Service Vulnerability in Some ZTE Mobile Internet Products

Initial Release Date:  August 28, 2023

 

Vulnerability ID

CVE ID: CVE-2023-25644

CNNVD ID: CNNVD-2023-37755663

 

CVSS 3.1 Base Score 

6.5 Medium (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

 

Description 

There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of a Web interface parameter, an attacker could exploit the vulnerability to perform a denial of service attack.

Affected Products and Fixes

Product Name | Affected Version | Resolved Version
MC801A | MC801A_Elisa3_B19 | MC801A_Elisa3_B22
MC801A1 | MC801A1_Elisa1_B04 | MC801A1_Elisa1_B06

 

Acknowledgement

ZTE thanks Patrik Jokela (University of Jyväskylä) for paying attention to our products and cooperating with us to disclose vulnerabilities. 

 

Update Records

August 28, 2023, initial.

 

Version Update Method

A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html