Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-25643

There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.

Published

2023-12-14T08:15:38.357

Last Modified

2024-11-21T07:49:51.263

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

Weaknesses

Type: Secondary
CWE-77
Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	mc801a_firmware	mc801a_elisa3_b19	Yes
Hardware	zte	mc801a	-	No
Operating System	zte	mc801a1_firmware	mc801a1_elisa1_b04	Yes
Hardware	zte	mc801a1	-	No

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504 Vendor Advisory ([email protected])
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)