Описание
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:zte:mc801a_firmware:mc801a_elisa3_b19:*:*:*:*:*:*:*
cpe:2.3:h:zte:mc801a:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:zte:mc801a1_firmware:mc801a1_elisa1_b04:*:*:*:*:*:*:*
cpe:2.3:h:zte:mc801a1:-:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.0028
Низкий
8.4 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-77
CWE-77
Связанные уязвимости
CVSS3: 8.4
github
около 2 лет назад
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
EPSS
Процентиль: 51%
0.0028
Низкий
8.4 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-77
CWE-77