zte mf286r_firmware CVE Vulnerabilities (6)

CVEs: 6 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting zte mf286r_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 16 of 6 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-25651 There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak. [email protected] 4.3 0.34% 2023-12-14 2026-06-17
CVE-2023-25649 There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. [email protected] 6.8 1.58% 2023-08-25 2026-06-17
CVE-2022-39073 There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. [email protected] 9.8 3.34% 2023-01-06 2026-06-17
CVE-2022-39072 There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks. [email protected] 5.4 0.34% 2023-01-06 2026-06-17
CVE-2022-39067 There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. [email protected] 6.5 0.60% 2022-11-22 2026-06-17
CVE-2022-39066 There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection. [email protected] 8.8 26.54% 2022-11-22 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence