Description
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ZTE | Mobile Internet Products | unaffected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
No data.
No data available yet.
Remediation
Vendor Solution
BD_MF833U1V1.0.0B02, CR_LVWRGBMF286RV1.0.1B01
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-29590 | There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak. |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: zte
Published:
Updated: 2024-08-02T11:25:19.271Z
Reserved: 2023-02-09T19:47:48.023Z
Link: CVE-2023-25651
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-14T07:15:08.270
Modified: 2024-11-21T07:49:52.290
Link: CVE-2023-25651
Redhat
No data.
OpenCVE Enrichment
No data.