CVE-2022-39073

CRITICAL

ZTE MF286R Firmware - OS Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-39073. PoCs published by v0lp3.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2022-39073, a command injection vulnerability in ZTE routers. The exploit leverages the `WATCH_DOG_SWITCH` handler in the `goahead` webserver to execute arbitrary commands, leading to remote code execution (RCE).

Description

There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.

Exploits (1)

nomisec WORKING POC 10 stars
by v0lp3 · poc
https://github.com/v0lp3/CVE-2022-39073

This repository contains a functional exploit for CVE-2022-39073, a command injection vulnerability in ZTE routers. The exploit leverages the `WATCH_DOG_SWITCH` handler in the `goahead` webserver to execute arbitrary commands, leading to remote code execution (RCE).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ZTE routers with firmware versions BD_POSTEMF286RMODULEV1.0.0B12 and CR_ITPOSTEMF286RV1.0.0B10
Auth required
Prerequisites: Router connected to WAN or Internet via SIM card · Admin credentials · Attacker-controlled HTTP server to host netcat binary · Listening socket for reverse shell
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0334
EPSS Percentile 87.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-77
Status published
Products (1)
zte/mf286r_firmware nordic_mf286r_b06
Published Jan 06, 2023
Tracked Since Feb 18, 2026