Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-39066

There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.

Published

2022-11-22T17:15:10.017

Last Modified

2025-04-29T05:15:42.670

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-89
Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	mf286r_firmware	< mf286r_b07	Yes
Hardware	zte	mf286r	-	No

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027744 Vendor Advisory ([email protected])
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027744 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)