XSS Vulnerability in ZTE MF258 Products

Initial Release Date: January 10, 2024

 

Vulnerability ID

CVE ID: CVE-2023-41781

CNNVD ID: CNNVD-2023-60442332

 

 

CVSS 3.1 Base Score 

5.7 Medium (AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)

 

Description 

ZTE MF258 contains a cross-site scripting (XSS) vulnerability. Because input validation of the SMS interface parameter is insufficient, an XSS attack can be triggered.

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

MF258

ZTE_STD_V1.0.0B08

ZTE_STD_V1.0.0B10

ZTE_STD_V1.0.0B11

 

Acknowledgement

ZTE thanks Mateusz Lach for paying attention to our products and cooperating with us to disclose the vulnerability.

 

Update Records

January 10, 2024: initial release.

 

Version Update Method

A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html