CVE-2023-41781

MEDIUM

ZTE Mf258 Firmware - XSS

Title source: rule

Description

There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered.

References (1)

[Vendor Advisory] https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034684

Scores

CVSS v3 5.7

EPSS 0.0006

EPSS Percentile 18.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Classification

CWE

CWE-20 CWE-79

Status published

Affected Products (2)

zte/mf258_firmware

Timeline

Published Jan 10, 2024

Tracked Since Feb 18, 2026