CVE-2023-41781

MEDIUM

ZTE MF258 Firmware - Stored Cross-Site Scripting via SMS Interface Parameter

Title source: llm

Description

There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered.

References (1)

Core 1

Core References

Vendor Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034684

Scores

CVSS v3 5.7

EPSS 0.0006

EPSS Percentile 19.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20 CWE-79

Status published

Products (2)

zte/mf258_firmware zte_std_v1.0.0b08

zte/mf258_firmware zte_std_v1.0.0b10

Published Jan 10, 2024

Tracked Since Feb 18, 2026