{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-46583", "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "state": "PUBLISHED", "assignerShortName": "zte", "dateReserved": "2025-04-25T00:28:13.909Z", "datePublished": "2025-10-27T09:23:38.328Z", "dateUpdated": "2025-10-27T15:47:46.207Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MC889A Pro", "vendor": "ZTE", "versions": [{"status": "affected", "version": "BD_STDPLMC889A PROV1.0.1B06"}, {"status": "affected", "version": "BD_STDPLMC889A PROV1.0.1B08"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zte:mc889a_pro:bd_stdplmc889a_prov1.0.1b06:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:zte:mc889a_pro:bd_stdplmc889a_prov1.0.1b08:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div><div><div><div><div><div><p>There is a Denial of Service\uff08DoS\uff09vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an attacker to exploit it to carry out a DoS attack.</p></div></div></div></div></div></div></div>"}], "value": "There is a Denial of Service\uff08DoS\uff09vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an attacker to exploit it to carry out a DoS attack."}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte", "dateUpdated": "2025-10-27T09:23:38.328Z"}, "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2594779029512220894"}], "source": {"discovery": "UNKNOWN"}, "title": "DOS Vulnerability in ZTE MC889A Pro product", "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-27T15:47:33.345955Z", "id": "CVE-2025-46583", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-27T15:47:46.207Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46583", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-27T15:47:33.345955Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-27T15:47:39.500Z"}}], "cna": {"title": "DOS Vulnerability in ZTE MC889A Pro product", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ZTE", "product": "MC889A Pro", "versions": [{"status": "affected", "version": "BD_STDPLMC889A PROV1.0.1B06"}, {"status": "affected", "version": "BD_STDPLMC889A PROV1.0.1B08"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2594779029512220894"}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "There is a Denial of Service\uff08DoS\uff09vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an attacker to exploit it to carry out a DoS attack.", "supportingMedia": [{"type": "text/html", "value": "<div><div><div><div><div><div><div><p>There is a Denial of Service\uff08DoS\uff09vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an attacker to exploit it to carry out a DoS attack.</p></div></div></div></div></div></div></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zte:mc889a_pro:bd_stdplmc889a_prov1.0.1b06:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:zte:mc889a_pro:bd_stdplmc889a_prov1.0.1b08:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte", "dateUpdated": "2025-10-27T09:23:38.328Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46583", "state": "PUBLISHED", "dateUpdated": "2025-10-27T15:47:46.207Z", "dateReserved": "2025-04-25T00:28:13.909Z", "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "datePublished": "2025-10-27T09:23:38.328Z", "assignerShortName": "zte"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "There is a Denial of Service\uff08DoS\uff09vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an attacker to exploit it to carry out a DoS attack."}], "id": "CVE-2025-46583", "lastModified": "2025-10-27T13:19:49.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@zte.com.cn", "type": "Secondary"}]}, "published": "2025-10-27T10:15:39.210", "references": [{"source": "psirt@zte.com.cn", "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2594779029512220894"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "psirt@zte.com.cn", "type": "Secondary"}]}

{}

{"created": "2025-10-27T22:03:53.608949+00:00", "updated": "2025-10-27T22:03:53.608986+00:00", "vendors": ["zte", "zte$PRODUCT$mc889a"]}