There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: zte
Published: 2023-08-25T09:37:36.684Z
Updated: 2024-08-02T11:25:19.250Z
Reserved: 2023-02-09T19:47:48.023Z
Link: CVE-2023-25649
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-25T10:15:08.247
Modified: 2023-08-31T16:22:56.523
Link: CVE-2023-25649
Redhat
No data.