CVE-2019-3411: Command Injection
First published: Tue Jun 11 2019(Updated: )
All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components.
Credit: psirt@zte.com.cn
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zte Mf920 Firmware | <bd_r218v2.4 | |
| ZTE MF920 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2019-3411?
CVE-2019-3411 is classified as a medium severity vulnerability due to the potential for sensitive information leakage.
How do I fix CVE-2019-3411?
To fix CVE-2019-3411, upgrade to software version BD_R218V2.4 or later.
What is the impact of CVE-2019-3411?
The impact of CVE-2019-3411 is that an attacker can obtain the WebUI login password without authentication.
Which devices are affected by CVE-2019-3411?
All ZTE MF920 devices with firmware versions up to BD_R218V2.4 are affected by CVE-2019-3411.
Can CVE-2019-3411 lead to unauthorized access?
Yes, CVE-2019-3411 can potentially lead to unauthorized access due to the exposure of login credentials.
- collector/nvd-index
- zeroday/true
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/zte
- canonical/zte mf920 firmware
- canonical/zte mf920