What is the severity of CVE-2023-25643?

CVE-2023-25643 has been classified as a high severity vulnerability due to its command injection potential.

How do I fix CVE-2023-25643?

To fix CVE-2023-25643, update the firmware of the affected ZTE mobile internet products to a secure version that addresses the vulnerability.

Which ZTE products are affected by CVE-2023-25643?

CVE-2023-25643 affects the ZTE MC801A and MC801A1 devices running specific firmware versions.

What type of attack can be executed through CVE-2023-25643?

CVE-2023-25643 allows an authenticated attacker to execute arbitrary commands due to insufficient input validation.

Is CVE-2023-25643 exploitable remotely?

CVE-2023-25643 requires authentication, meaning an attacker must first gain access to the network products to exploit it.

Vulnerability/
CVE-2023-25643

high

8.8

CWE

14/12/2023

28/8/2024

CVE-2023-25643: Two Vulnerabilities in Some ZTE Mobile Internet Products

First published: Thu Dec 14 2023(Updated: )

There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.

Credit: psirt@zte.com.cn

Affected Software	Affected Version	How to fix
All of
ZTE MC801A Firmware	=mc801a_elisa3_b19
ZTE MC801A1
All of
ZTE MC801A1 Firmware	=mc801a1_elisa1_b04
ZTE MC801A1 Firmware

Remedy

MC801A_Elisa3_B22, MC801A1_Elisa1_B06

Never miss a vulnerability like this again

Reference Links

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504

Frequently Asked Questions

What is the severity of CVE-2023-25643?
CVE-2023-25643 has been classified as a high severity vulnerability due to its command injection potential.
How do I fix CVE-2023-25643?
To fix CVE-2023-25643, update the firmware of the affected ZTE mobile internet products to a secure version that addresses the vulnerability.
Which ZTE products are affected by CVE-2023-25643?
CVE-2023-25643 affects the ZTE MC801A and MC801A1 devices running specific firmware versions.
What type of attack can be executed through CVE-2023-25643?
CVE-2023-25643 allows an authenticated attacker to execute arbitrary commands due to insufficient input validation.
Is CVE-2023-25643 exploitable remotely?
CVE-2023-25643 requires authentication, meaning an attacker must first gain access to the network products to exploit it.

agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/weakness
agent/remedy
agent/severity
agent/references
agent/author
agent/title
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
vendor/zte
canonical/zte mc801a firmware
version/zte mc801a firmware/mc801a_elisa3_b19
canonical/zte mc801a1 firmware
version/zte mc801a1 firmware/mc801a1_elisa1_b04
canonical/zte mc801a1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.