exploitDog

CVE-2022-39066

Опубликовано: 22 нояб. 2022

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.

Ссылки

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027744
Vendor Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027744
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:zte:mf286r_firmware:*:*:*:*:*:*:*:*

Версия до mf286r_b07 (исключая)

cpe:2.3:h:zte:mf286r:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.51077

Средний

8.8 High

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-2m5w-88gg-379g

CVSS3: 8.8

github

около 3 лет назад

There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.

EPSS

Процентиль: 98%

0.51077

Средний

8.8 High

CVSS3

Дефекты

CWE-89

CWE-89