ZTE MF286R < mf286r_b07 - Authenticated SQL Injection via Phonebook Interface
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.