Описание
There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:zte:mf258k_pro_firmware:1.0.0b03:*:*:*:*:*:*:*
cpe:2.3:h:zte:mf258k_pro:-:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00238
Низкий
6.8 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-20
CWE-78
Связанные уязвимости
CVSS3: 6.8
github
больше 1 года назад
There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
EPSS
Процентиль: 47%
0.00238
Низкий
6.8 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-20
CWE-78