Vulnerabilities > ZTE > Mf286R Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-25651 SQL Injection vulnerability in ZTE Mf286R Firmware and Mf833U1 Firmware
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
low complexity
zte CWE-89
8.0
8.0
2023-08-25 CVE-2023-25649 Command Injection vulnerability in ZTE Mf286R Firmware Crlvwrgbmf286Rv1.0.0B04
There is a command injection vulnerability in a mobile internet product of ZTE.
network
low complexity
zte CWE-77
8.8
8.8
2023-01-06 CVE-2022-39072 SQL Injection vulnerability in ZTE Mf286R Firmware and Mf289D Firmware
There is a SQL injection vulnerability in Some ZTE Mobile Internet products.
network
low complexity
zte CWE-89
5.4
5.4
2023-01-06 CVE-2022-39073 Command Injection vulnerability in ZTE Mf286R Firmware Nordicmf286Rb06
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
network
low complexity
zte CWE-77
critical
 9.8
9.8
2022-11-22 CVE-2022-39066 SQL Injection vulnerability in ZTE Mf286R Firmware Crlvwrgbmf286Rv1.0.0B04
There is a SQL injection vulnerability in ZTE MF286R.
network
low complexity
zte CWE-89
8.8
8.8
2022-11-22 CVE-2022-39067 Classic Buffer Overflow vulnerability in ZTE Mf286R Firmware Crlvwrgbmf286Rv1.0.0B04
There is a buffer overflow vulnerability in ZTE MF286R.
network
low complexity
zte CWE-120
6.5
6.5