First published: Fri Jan 06 2023
There is a SQL injection vulnerability in some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
Credit: psirt@zte.com.cn
Affected Software | Affected Version | How to fix |
---|---|---|
ZTE MF286R Firmware | =nordic_mf286r_b06 | |
ZTE MF286R | | |
ZTE MF289D Firmware | =cr_tmoczmf289dv1.0.0b07 | |
ZTE MF289D | | |
The vulnerability ID for this SQL injection vulnerability is CVE-2022-39072.
Some ZTE Mobile Internet products, such as ZTE MF286R Firmware and ZTE MF289D Firmware, are affected by this vulnerability.
The severity of CVE-2022-39072 is medium, with a CVSS score of 5.4.
An authenticated attacker could exploit this SQL injection vulnerability to execute stored XSS attacks.
Please refer to the vendor's advisory at the provided reference link for information on available fixes and patches.