Sql injection

2023-12-1407:15:00

PRIOn knowledge base

www.prio-n.com

sql injection

zte

mobile internet

information leak

nvd

insufficient input validation

sms interface parameter

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.3%

JSON

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.

CPENameOperatorVersion
mf286r_firmwareeqcr-lvwrgbmf286rv1.0.0b4
mf833u1_firmwareeqbd-mf833u1v1.0.0b1

CPE	Name	Operator	Version
	mf286r_firmware	eq	cr-lvwrgbmf286rv1.0.0b4
	mf833u1_firmware	eq	bd-mf833u1v1.0.0b1

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684