Lucene search

ZteVULNRICHMENT:CVE-2023-25643

HistoryDec 14, 2023 - 7:19 a.m.

CVE-2023-25643 Two Vulnerabilities in Some ZTE Mobile Internet Products

2023-12-1407:19:08

CWE-77

zte

github.com

cve-2023-25643

vulnerabilities

zte

CVSS3

8.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

18.7%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:h:zte:mc801a:-:*:*:*:*:*:*:*"
    ],
    "vendor": "zte",
    "product": "mc801a",
    "versions": [
      {
        "status": "affected",
        "version": "mc801a_elisa3_b19",
        "versionType": "custom",
        "lessThanOrEqual": "b19"
      },
      {
        "status": "affected",
        "version": "mc801a1_elisa1_b04",
        "versionType": "custom",
        "lessThanOrEqual": "b04"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504

CVSS3

8.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

18.7%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-25643