First published: Tue Dec 01 2020(Updated: )
A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.
Credit: psirt@zte.com.cn
Affected Software | Affected Version | How to fix |
---|---|---|
Zte Zxv10 W908 Firmware | <mips_a_1022ipv6r3t6p7y20 | |
Zte Zxv10 W908 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.