CVE-2022-39066
HIGHZTE MF286R < mf286r_b07 - Authenticated SQL Injection via Phonebook Interface
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-39066. PoCs published by v0lp3.
AI-analyzed exploit summary This repository contains a functional exploit for CVE-2022-39066, a SQL injection vulnerability in ZTE routers. The exploit leverages the PHONE_BLOCK_ADD handler to inject malicious SQL queries, allowing file creation and data manipulation.
Description
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
Exploits (1)
This repository contains a functional exploit for CVE-2022-39066, a SQL injection vulnerability in ZTE routers. The exploit leverages the PHONE_BLOCK_ADD handler to inject malicious SQL queries, allowing file creation and data manipulation.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H