Vulnerabilities (CVE)

Filtered by vendor Zte Subscribe
Filtered by product Mf286r Firmware
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-25651 1 Zte 4 Mf286r, Mf286r Firmware, Mf833u1 and 1 more 2024-02-05 N/A 8.0 HIGH
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
CVE-2022-39067 1 Zte 2 Mf286r, Mf286r Firmware 2024-02-04 N/A 6.5 MEDIUM
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.
CVE-2022-39066 1 Zte 2 Mf286r, Mf286r Firmware 2024-02-04 N/A 8.8 HIGH
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
CVE-2022-39072 1 Zte 4 Mf286r, Mf286r Firmware, Mf289d and 1 more 2024-02-04 N/A 5.4 MEDIUM
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.