CVE-2019-3417
CVE-2019-3417
In short
A command injection vulnerability in ZTE ZXHN F670 routers allows authorized users to execute arbitrary commands and take control of the device due to inadequate validation of user input parameters.
Technical detail
The vulnerability exists in parameter validation mechanisms of ZTE ZXHN F670 firmware versions up to V1.1.10P3T18, permitting authenticated attackers to inject arbitrary system commands through insufficiently sanitized input fields. Exploitation requires administrative access to the router's interface and results in complete system compromise.
Summary generated and translated by AI from the official description.
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system.
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Affected products
ZTE · ZXHN F670Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →