CVE-2024-22065

ZTE MF258 Pro product has a OS Command injection vulnerability

Description

There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

INFO

Published Date :

2024-10-29T01:58:29.002Z

Last Modified :

2024-10-29T13:29:22.586Z

Source :

zte

AFFECTED PRODUCTS

The following products are affected by CVE-2024-22065 vulnerability.

Vendors	Products
Zte	Mf258 Pro Firmware Mf258k Pro Mf258k Pro Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-22065.

URL	Resource
https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225572

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact