CVE-2023-25651

Summary

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.

Affected Software

VendorProductVersion RangeStatus
ZTEMobile Internet ProductsBD_MF833U1V1.0.0B01 <= V1.0.0B01affected
ZTEMobile Internet ProductsCR_LVWRGBMF286RV1.0.0B04 <= V1.0.0B04affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References