CVE-2022-39068

There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zte:mf296r_firmware:mf296r_nordic1_b06:*:*:*:*:*:*:*
cpe:2.3:h:zte:mf296r:-:*:*:*:*:*:*:*

History

29 Sep 2024, 00:41

Type Values Removed Values Added
CWE CWE-787
References () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028984 - () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028984 - Vendor Advisory
First Time Zte mf296r Firmware
Zte mf296r
Zte
CVSS v2 : unknown
v3 : 4.5
v2 : unknown
v3 : 6.5
CPE cpe:2.3:o:zte:mf296r_firmware:mf296r_nordic1_b06:*:*:*:*:*:*:*
cpe:2.3:h:zte:mf296r:-:*:*:*:*:*:*:*

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de desbordamiento de búfer en ZTE MF296R. Debido a una validación insuficiente de la longitud del parámetro SMS, un atacante autenticado podría utilizar la vulnerabilidad para realizar un ataque de denegación de servicio.

18 Sep 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-18 02:15

Updated : 2024-09-29 00:41


NVD link : CVE-2022-39068

Mitre link : CVE-2022-39068

CVE.ORG link : CVE-2022-39068


JSON object : View

Products Affected

zte

  • mf296r_firmware
  • mf296r
CWE
CWE-787

Out-of-bounds Write

CWE-122

Heap-based Buffer Overflow