Vulnerability Details CVE-2023-25643
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.0%
CVSS Severity
CVSS v3 Score 8.4
References
Products affected by CVE-2023-25643
-
cpe:2.3:h:zte:mc801a1:-
-
cpe:2.3:h:zte:mc801a:-
-
cpe:2.3:o:zte:mc801a1_firmware:mc801a1_elisa1_b04
-
cpe:2.3:o:zte:mc801a_firmware:mc801a_elisa3_b19