Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-39072

There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.

Published

2023-01-06T19:15:09.170

Last Modified

2025-04-10T14:15:22.590

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Primary
CWE-89
Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	mf286r_firmware	nordic_mf286r_b06	Yes
Hardware	zte	mf286r	-	No
Operating System	zte	mf289d_firmware	cr_tmoczmf289dv1.0.0b07	Yes
Hardware	zte	mf289d	-	No

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028624 Vendor Advisory ([email protected])
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028624 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)