CVE-2022-39073

CRITICAL

ZTE MF286R - Command Injection

Title source: llm

Description

There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.

Exploits (1)

nomisec WORKING POC 10 stars

by v0lp3 · poc

https://github.com/v0lp3/CVE-2022-39073

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028664

Scores

CVSS v3 9.8

EPSS 0.1758

EPSS Percentile 95.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

zte/mf286r_firmware nordic_mf286r_b06

Published Jan 06, 2023

Tracked Since Feb 18, 2026