CVE-2023-25643



There is a command injection vulnerability in some ZTE mobile internetproducts. Due to insufficient inputvalidation ofmultiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.4 HIGH
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
zteCNA
8.4 HIGH
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Common Weakness Enumeration
References
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504