Buffer Overflow Vulnerability in ZTE MF296R

Initial Release Date: January 19, 2023

 

Vulnerability ID

CVE ID: CVE-2022-39068
CNNVD ID: CNNVD-2023-40815344

 

CVSS 3.1 Base Score 

4.5 Medium
AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

 

Description 

There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack.

 

Affected Products and Fixes

Product Name    Affected Version      Resolved Version
MF296R          MF296R_Nordic1_B06    MF296R_Nordic2_B08

 

Acknowledgement

ZTE thanks Daniel Wong for paying attention to our products and cooperating with us to disclose vulnerabilities.

 

Update Records

January 19, 2023, initial.

 

Version Update Method

A device that supports automatic update will display a pop-up update message; follow it to upgrade the device. If no update message is received, contact your service provider to obtain the update information.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html