CVE-2023-25651
4.3
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Summary
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ZTE | Mobile Internet Products | BD_MF833U1V1.0.0B01 <= V1.0.0B01 | affected |
| ZTE | Mobile Internet Products | CR_LVWRGBMF286RV1.0.0B04 <= V1.0.0B04 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.