CVE-2024-22065

MEDIUM

6.8

Descricao

There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

Detalhes CVE

Pontuacao CVSS v3.16.8

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueADJACENT_NETWORK

ComplexidadeLOW

Privilegios necessariosHIGH

Interacao do usuarioNONE

Publicado10/29/2024

Ultima modificacao1/28/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

zte:mf258k_prozte:mf258k_pro_firmware

Fraquezas (CWE)

CWE-20CWE-78

Referencias

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225572(psirt@zte.com.cn)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.