CVE-2022-39066

Summary

There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.

Affected Software

VendorProductVersion RangeStatus
n/aMF286RNordic_MF286R_B06affected

Weaknesses

  • SQL injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References