CVE-2023-25643

Summary

There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
ZTEMC801AMC801A_Elisa3_B19 <= B19affected
ZTEMC801A1MC801A1_Elisa1_B04 <= B04affected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References