CVE-2022-39072

MEDIUM

ZTE Mobile Internet - SQL Injection

Title source: llm

Description

There is a SQL injection vulnerability in some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.

Scores

CVSS v3 5.4
EPSS 0.0052
EPSS Percentile 67.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
zte/mf286r_firmware nordic_mf286r_b06
zte/mf289d_firmware cr_tmoczmf289dv1.0.0b07
Published Jan 06, 2023
Tracked Since Feb 18, 2026