Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-25651

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.

Published

2023-12-14T07:15:08.270

Last Modified

2024-11-21T07:49:52.290

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	mf833u1_firmware	bd_mf833u1v1.0.0b01	Yes
Hardware	zte	mf833u1	-	No
Operating System	zte	mf286r_firmware	cr_lvwrgbmf286rv1.0.0b04	Yes
Hardware	zte	mf286r	-	No

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684 Vendor Advisory ([email protected])
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)