CVE-2024-22065

ZTE MF258 Pro product has a OS Command injection vulnerability

CVSS 6.8 MEDIUMEPSS 1.2%CWE-20

There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Productos afectados

ZTE · MF258 Pro

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225572