CVE-2023-41781

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-41781
There is a Cross-site scripting (XSS)  vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered.

5.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 4.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034684 Vendor Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034684 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:zte:mf258_firmware:zte_std_v1.0.0b08:*:*:*:*:*:*:*
cpe:2.3:o:zte:mf258_firmware:zte_std_v1.0.0b10:*:*:*:*:*:*:*
cpe:2.3:h:zte:mf258:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:21

Type Values Removed Values Added
References () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034684 - Vendor Advisory () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034684 - Vendor Advisory
CVSS v2 : unknown
v3 : 6.1 		v2 : unknown
v3 : 5.7

17 Jan 2024, 01:24

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.7 		v2 : unknown
v3 : 6.1
CWE CWE-79
CPE cpe:2.3:h:zte:mf258:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:mf258_firmware:zte_std_v1.0.0b08:*:*:*:*:*:*:*
cpe:2.3:o:zte:mf258_firmware:zte_std_v1.0.0b10:*:*:*:*:*:*:*
References () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034684 - () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034684 - Vendor Advisory
First Time Zte mf258
Zte mf258 Firmware
Zte

10 Jan 2024, 13:56

Type Values Removed Values Added
Summary
  • (es) Hay una vulnerabilidad de Cross-Site Scripting (XSS) en ZTE MF258. Debido a una validación de entrada insuficiente del parámetro de la interfaz SMS, se desencadenará un ataque XSS.

10 Jan 2024, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-10 07:15

Updated : 2024-11-21 08:21

NVD link : CVE-2023-41781

Mitre link : CVE-2023-41781

CVE.ORG link : CVE-2023-41781

JSON object : View

Products Affected

zte

  • mf258_firmware
  • mf258
CWE
CWE-20

Improper Input Validation

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')