CVE-2018-7355
In short
The ZTE MF65 and MF65M1 devices have a security flaw where user input isn't properly cleaned before being displayed on web pages. An attacker could inject malicious code that runs in a victim's browser when they visit a specially crafted link.
Technical detail
Reflected XSS vulnerability in web interface due to insufficient input sanitization. Attack vector requires user interaction (victim clicking a malicious link); attacker can execute arbitrary JavaScript in victim's browser context, potentially stealing credentials or session tokens.
Summary generated and translated by AI from the official description.
All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by a cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.
public PoCs found — 2
cve_reference: www.exploit-db.com/exploits/46102/ (unverified)
exploitdb: www.exploit-db.com/exploits/46102 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.