CVE-2022-39066: SQL Injection
First published: Tue Nov 22 2022(Updated: )
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
Credit: psirt@zte.com.cn
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zte Mf286r Firmware | <mf286r_b07 | |
| ZTE MF286R |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-39066?
CVE-2022-39066 is a SQL injection vulnerability in ZTE MF286R.
How does CVE-2022-39066 work?
CVE-2022-39066 works by exploiting insufficient validation of input parameters in the phonebook interface of ZTE MF286R.
Who can exploit CVE-2022-39066?
An authenticated attacker can exploit CVE-2022-39066.
What is the severity of CVE-2022-39066?
CVE-2022-39066 has a severity score of 8.8 (high).
Is there a fix available for CVE-2022-39066?
Yes, please refer to the official ZTE support page for the fix.
- collector/nvd-index
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zte
- canonical/zte mf286r firmware
- canonical/zte mf286r