Description
All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.
Exploits (1)
exploitdb
WORKING POC
by Nathu Nandwani · textwebappshardware
https://www.exploit-db.com/exploits/46102
References (2)
Core 2
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/46102/
Vendor Advisory x_refsource_confirm
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483
Scores
CVSS v3
6.1
EPSS
0.0096
EPSS Percentile
76.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
zte/mf65_firmware
< 1.0.0b05
zte/mf65m1_firmware
< 1.0.0b02
Published
Sep 26, 2018
Tracked Since
Feb 18, 2026