Vulnerabilities > ZTE > Mf286R Firmware > cr.lvwrgbmf286rv1.0.0b04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-25651 | SQL Injection vulnerability in ZTE Mf286R Firmware and Mf833U1 Firmware There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak. | 8.0 |
| 2023-08-25 | CVE-2023-25649 | Command Injection vulnerability in ZTE Mf286R Firmware Crlvwrgbmf286Rv1.0.0B04 There is a command injection vulnerability in a mobile internet product of ZTE. | 8.8 |