CVE-2022-39072

Summary

There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.

Affected Software

VendorProductVersion RangeStatus
n/aMF286R,MF289DNordic_MF286R_B06, CR_TMOCZMF289DV1.0.0B07affected

Weaknesses

  • SQL injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References