Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-7355

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.

Published

2018-09-26T16:29:01.673

Last Modified

2024-11-21T04:12:03.540

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	mf65_firmware	≤ 1.0.0b05	Yes
Hardware	zte	mf65	-	No
Operating System	zte	mf65m1_firmware	≤ 1.0.0b02	Yes
Hardware	zte	mf65m1	-	No

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Vendor Advisory ([email protected])
https://www.exploit-db.com/exploits/46102/ ([email protected])
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46102/ (af854a3a-2127-422b-91ae-364da2661108)