Buffer Overflow Vulnerability in ZTE MF296R Could Lead to Denial of Service Attack
CVE-2022-39068

6.5MEDIUM

Key Information:

Vendor: Zte
Status: Mf296r
Vendor: CVE Published:; 18 September 2024

What is CVE-2022-39068?

A buffer overflow vulnerability exists in the ZTE MF296R device, caused by improper validation of the length of SMS parameters. This allows for potential exploitation by authenticated attackers, resulting in a denial of service that can disrupt the normal operation of the device. Proper validation mechanisms should be implemented to mitigate the risks associated with such attacks, ensuring the security and reliability of the device.

Affected Version(s)

MF296R ARM MF296R_Nordic1_B06

References

https://support.zte.com.cn/support/news/LoopholeInfoDetai...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024

Zte

What is CVE-2022-39068?

Affected Version(s)

References

CVSS V3.1

Timeline