CVE-2022-39066

There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zte:mf286r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:mf286r:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-11-22 17:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-39066

Mitre link : CVE-2022-39066

CVE.ORG link : CVE-2022-39066


JSON object : View

Products Affected

zte

  • mf286r_firmware
  • mf286r
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')