CVE-2022-39073

CRITICAL

9.8

Description

There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published1/6/2023

Last Modified4/10/2025

Sourcenvd

Honeypot Sightings0

Affected Products

zte:mf286rzte:mf286r_firmware

Weaknesses (CWE)

CWE-77CWE-77

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028664(psirt@zte.com.cn)

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028664(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.