CVE-2023-25644

MEDIUM

ZTE Mc801a Firmware - Improper Exception Handling

Title source: rule

Description

There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.

References (1)

Scores

CVSS v3 6.5
EPSS 0.0031
EPSS Percentile 54.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-755
Status published

Affected Products (2)

zte/mc801a_firmware
zte/mc801a1_firmware

Timeline

Published Dec 14, 2023
Tracked Since Feb 18, 2026