CVE-2019-3417
HIGHZTE ZXHN F670 Firmware < 1.1.10p3t18 - Authenticated OS Command Injection
Title source: llmDescription
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010163
Scores
CVSS v3
8.8
EPSS
0.0160
EPSS Percentile
81.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
zte/zxhn_f670_firmware
< 1.1.10p3t18
Published
Aug 15, 2019
Tracked Since
Feb 18, 2026