Описание
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:zte:mf286r_firmware:nordic_mf286r_b06:*:*:*:*:*:*:*
cpe:2.3:h:zte:mf286r:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:zte:mf289d_firmware:cr_tmoczmf289dv1.0.0b07:*:*:*:*:*:*:*
cpe:2.3:h:zte:mf289d:-:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00523
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 5.4
github
около 3 лет назад
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
EPSS
Процентиль: 66%
0.00523
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-89
CWE-89