CVE-2023-25643

There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zte:mc801a_firmware:mc801a_elisa3_b19:*:*:*:*:*:*:*
cpe:2.3:h:zte:mc801a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zte:mc801a1_firmware:mc801a1_elisa1_b04:*:*:*:*:*:*:*
cpe:2.3:h:zte:mc801a1:-:*:*:*:*:*:*:*

History

18 Dec 2023, 20:09

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-77
References () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504 - () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504 - Vendor Advisory
First Time Zte mc801a
Zte mc801a1
Zte mc801a Firmware
Zte mc801a1 Firmware
Zte
CPE cpe:2.3:o:zte:mc801a_firmware:mc801a_elisa3_b19:*:*:*:*:*:*:*
cpe:2.3:h:zte:mc801a1:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:mc801a1_firmware:mc801a1_elisa1_b04:*:*:*:*:*:*:*
cpe:2.3:h:zte:mc801a:-:*:*:*:*:*:*:*

14 Dec 2023, 13:52

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-14 08:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-25643

Mitre link : CVE-2023-25643

CVE.ORG link : CVE-2023-25643


JSON object : View

Products Affected

zte

  • mc801a_firmware
  • mc801a1
  • mc801a
  • mc801a1_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')