CVE-2023-25643

There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zte:mc801a_firmware:mc801a_elisa3_b19:*:*:*:*:*:*:*
cpe:2.3:h:zte:mc801a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zte:mc801a1_firmware:mc801a1_elisa1_b04:*:*:*:*:*:*:*
cpe:2.3:h:zte:mc801a1:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:49

Type Values Removed Values Added
References () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504 - Vendor Advisory () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504 - Vendor Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 8.4

18 Dec 2023, 20:09

Type Values Removed Values Added
CPE cpe:2.3:h:zte:mc801a:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:mc801a_firmware:mc801a_elisa3_b19:*:*:*:*:*:*:*
cpe:2.3:h:zte:mc801a1:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:mc801a1_firmware:mc801a1_elisa1_b04:*:*:*:*:*:*:*
References () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504 - () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504 - Vendor Advisory
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 8.8
First Time Zte
Zte mc801a Firmware
Zte mc801a1 Firmware
Zte mc801a
Zte mc801a1

14 Dec 2023, 13:52

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-14 08:15

Updated : 2024-11-21 07:49


NVD link : CVE-2023-25643

Mitre link : CVE-2023-25643

CVE.ORG link : CVE-2023-25643


JSON object : View

Products Affected

zte

  • mc801a1
  • mc801a1_firmware
  • mc801a
  • mc801a_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')