Two Vulnerabilities in Some ZTE Mobile Internet Products
CVE-2023-25643

8.4HIGH

Key Information:

Vendor: Zte
Status: Mc801a; Mc801a1
Vendor: CVE Published:; 14 December 2023

What is CVE-2023-25643?

A command injection vulnerability exists in several ZTE mobile internet products stemming from inadequate input validation across various network parameters. This flaw could allow an authenticated attacker to execute arbitrary commands on the affected devices, potentially compromising their integrity and security. Ensuring proper validation of all input fields is critical to mitigating this risk.

Affected Version(s)

MC801A Linux MC801A_Elisa3_B19

MC801A1 Linux MC801A1_Elisa1_B04

References

https://support.zte.com.cn/support/news/LoopholeInfoDetai...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Feb 9, 2023

Zte

What is CVE-2023-25643?

Affected Version(s)

References

CVSS V3.1

Timeline