Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for mc801a1_firmware by zte

    CVE-2023-25644 (GCVE-0-2023-25644)

    Vulnerability from nvd – Published: 2023-12-14 08:04 – Updated: 2025-05-22 17:53
    VLAI
    Title
    Denial of Service Vulnerability in Some ZTE Mobile Internet Products
    Summary
    There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-755 - Improper Handling of Exceptional Conditions
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE MC801A Affected: MC801A_Elisa3_B19 , ≤ B19 (B19)
    Create a notification for this product.
    ZTE MC801A1 Affected: MC801A1_Elisa1_B04 , ≤ B04 (B04)
    Create a notification for this product.
    Date Public
    2023-08-28 07:28
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032624"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25644",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T17:53:21.407373Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T17:53:37.661Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "MC801A",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "B19",
                  "status": "affected",
                  "version": "MC801A_Elisa3_B19",
                  "versionType": "B19"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "MC801A1",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "B04",
                  "status": "affected",
                  "version": "MC801A1_Elisa1_B04",
                  "versionType": "B04"
                }
              ]
            }
          ],
          "datePublic": "2023-08-28T07:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThere is a denial of service vulnerability in some ZTE\u0026nbsp;mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.\n\n"
                }
              ],
              "value": "\nThere is a denial of service vulnerability in some ZTE\u00a0mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-755",
                  "description": "CWE-755 Improper Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-14T08:04:59.208Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032624"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMC801A_Elisa3_B22\uff0c\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMC801A1_Elisa1_B06\u003c/span\u003e\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "\nMC801A_Elisa3_B22\uff0c\n\nMC801A1_Elisa1_B06\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Denial of Service Vulnerability in Some ZTE Mobile Internet Products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2023-25644",
        "datePublished": "2023-12-14T08:04:26.281Z",
        "dateReserved": "2023-02-09T19:47:48.022Z",
        "dateUpdated": "2025-05-22T17:53:37.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25643 (GCVE-0-2023-25643)

    Vulnerability from nvd – Published: 2023-12-14 07:19 – Updated: 2024-08-28 14:10
    VLAI
    Title
    Two Vulnerabilities in Some ZTE Mobile Internet Products
    Summary
    There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE MC801A Affected: MC801A_Elisa3_B19 , ≤ B19 (B19)
    Create a notification for this product.
    ZTE MC801A1 Affected: MC801A1_Elisa1_B04 , ≤ B04 (B04)
    Create a notification for this product.
    zte mc801a Affected: mc801a_elisa3_b19 , ≤ b19 (custom)
    Affected: mc801a1_elisa1_b04 , ≤ b04 (custom)
        cpe:2.3:h:zte:mc801a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-24 07:09
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.324Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zte:mc801a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mc801a",
                "vendor": "zte",
                "versions": [
                  {
                    "lessThanOrEqual": "b19",
                    "status": "affected",
                    "version": "mc801a_elisa3_b19",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "b04",
                    "status": "affected",
                    "version": "mc801a1_elisa1_b04",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25643",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T14:06:02.163506Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T14:10:23.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "MC801A",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "B19",
                  "status": "affected",
                  "version": "MC801A_Elisa3_B19",
                  "versionType": "B19"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "MC801A1",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "B04",
                  "status": "affected",
                  "version": "MC801A1_Elisa1_B04",
                  "versionType": "B04"
                }
              ]
            }
          ],
          "datePublic": "2023-08-24T07:09:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\nThere is a command injection vulnerability in some ZTE mobile internet\u0026nbsp;products. Due to insufficient input\u0026nbsp;validation of\u0026nbsp;multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.\n\n\n\n"
                }
              ],
              "value": "\n\n\nThere is a command injection vulnerability in some ZTE mobile internet\u00a0products. Due to insufficient input\u00a0validation of\u00a0multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-14T07:19:08.757Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMC801A_Elisa3_B22,\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMC801A1_Elisa1_B06\u003c/span\u003e\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "\nMC801A_Elisa3_B22,\u00a0\n\nMC801A1_Elisa1_B06\n\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Two Vulnerabilities in Some ZTE Mobile Internet Products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2023-25643",
        "datePublished": "2023-12-14T07:19:08.757Z",
        "dateReserved": "2023-02-09T19:47:48.022Z",
        "dateUpdated": "2024-08-28T14:10:23.264Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25642 (GCVE-0-2023-25642)

    Vulnerability from nvd – Published: 2023-12-14 07:17 – Updated: 2024-08-02 11:25
    VLAI
    Title
    Two Vulnerabilities in Some ZTE Mobile Internet Products
    Summary
    There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack. 
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE MC801A Affected: MC801A_Elisa3_B19 , ≤ B19 (B19)
    Create a notification for this product.
    ZTE MC801A1 Affected: MC801A1_Elisa1_B04 , ≤ B04 (B04)
    Create a notification for this product.
    Date Public
    2023-08-24 07:09
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "MC801A",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "B19",
                  "status": "affected",
                  "version": "MC801A_Elisa3_B19",
                  "versionType": "B19"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC801A1",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "B04",
                  "status": "affected",
                  "version": "MC801A1_Elisa1_B04",
                  "versionType": "B04"
                }
              ]
            }
          ],
          "datePublic": "2023-08-24T07:09:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThere is a buffer overflow vulnerability in some ZTE\u0026nbsp;mobile internet\u0026nbsp;producsts. Due to insufficient validation of tcp port parameter,\u0026nbsp;an authenticated attacker could use the vulnerability to perform a denial of service attack.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nThere is a buffer overflow vulnerability in some ZTE\u00a0mobile internet\u00a0producsts. Due to insufficient validation of tcp port parameter,\u00a0an authenticated attacker could use the vulnerability to perform a denial of service attack.\u00a0\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-14T07:17:08.945Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMC801A_Elisa3_B22,\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMC801A1_Elisa1_B06\u003c/span\u003e\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "\nMC801A_Elisa3_B22,\u00a0\n\nMC801A1_Elisa1_B06\n\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Two Vulnerabilities in Some ZTE Mobile Internet Products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2023-25642",
        "datePublished": "2023-12-14T07:17:08.945Z",
        "dateReserved": "2023-02-09T19:47:48.021Z",
        "dateUpdated": "2024-08-02T11:25:19.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25644 (GCVE-0-2023-25644)

    Vulnerability from cvelistv5 – Published: 2023-12-14 08:04 – Updated: 2025-05-22 17:53
    VLAI
    Title
    Denial of Service Vulnerability in Some ZTE Mobile Internet Products
    Summary
    There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-755 - Improper Handling of Exceptional Conditions
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE MC801A Affected: MC801A_Elisa3_B19 , ≤ B19 (B19)
    Create a notification for this product.
    ZTE MC801A1 Affected: MC801A1_Elisa1_B04 , ≤ B04 (B04)
    Create a notification for this product.
    Date Public
    2023-08-28 07:28
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032624"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25644",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T17:53:21.407373Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T17:53:37.661Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "MC801A",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "B19",
                  "status": "affected",
                  "version": "MC801A_Elisa3_B19",
                  "versionType": "B19"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "MC801A1",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "B04",
                  "status": "affected",
                  "version": "MC801A1_Elisa1_B04",
                  "versionType": "B04"
                }
              ]
            }
          ],
          "datePublic": "2023-08-28T07:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThere is a denial of service vulnerability in some ZTE\u0026nbsp;mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.\n\n"
                }
              ],
              "value": "\nThere is a denial of service vulnerability in some ZTE\u00a0mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-755",
                  "description": "CWE-755 Improper Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-14T08:04:59.208Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032624"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMC801A_Elisa3_B22\uff0c\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMC801A1_Elisa1_B06\u003c/span\u003e\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "\nMC801A_Elisa3_B22\uff0c\n\nMC801A1_Elisa1_B06\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Denial of Service Vulnerability in Some ZTE Mobile Internet Products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2023-25644",
        "datePublished": "2023-12-14T08:04:26.281Z",
        "dateReserved": "2023-02-09T19:47:48.022Z",
        "dateUpdated": "2025-05-22T17:53:37.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25643 (GCVE-0-2023-25643)

    Vulnerability from cvelistv5 – Published: 2023-12-14 07:19 – Updated: 2024-08-28 14:10
    VLAI
    Title
    Two Vulnerabilities in Some ZTE Mobile Internet Products
    Summary
    There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE MC801A Affected: MC801A_Elisa3_B19 , ≤ B19 (B19)
    Create a notification for this product.
    ZTE MC801A1 Affected: MC801A1_Elisa1_B04 , ≤ B04 (B04)
    Create a notification for this product.
    zte mc801a Affected: mc801a_elisa3_b19 , ≤ b19 (custom)
    Affected: mc801a1_elisa1_b04 , ≤ b04 (custom)
        cpe:2.3:h:zte:mc801a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-24 07:09
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.324Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zte:mc801a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mc801a",
                "vendor": "zte",
                "versions": [
                  {
                    "lessThanOrEqual": "b19",
                    "status": "affected",
                    "version": "mc801a_elisa3_b19",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "b04",
                    "status": "affected",
                    "version": "mc801a1_elisa1_b04",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25643",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T14:06:02.163506Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T14:10:23.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "MC801A",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "B19",
                  "status": "affected",
                  "version": "MC801A_Elisa3_B19",
                  "versionType": "B19"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "MC801A1",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "B04",
                  "status": "affected",
                  "version": "MC801A1_Elisa1_B04",
                  "versionType": "B04"
                }
              ]
            }
          ],
          "datePublic": "2023-08-24T07:09:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\nThere is a command injection vulnerability in some ZTE mobile internet\u0026nbsp;products. Due to insufficient input\u0026nbsp;validation of\u0026nbsp;multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.\n\n\n\n"
                }
              ],
              "value": "\n\n\nThere is a command injection vulnerability in some ZTE mobile internet\u00a0products. Due to insufficient input\u00a0validation of\u00a0multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-14T07:19:08.757Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMC801A_Elisa3_B22,\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMC801A1_Elisa1_B06\u003c/span\u003e\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "\nMC801A_Elisa3_B22,\u00a0\n\nMC801A1_Elisa1_B06\n\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Two Vulnerabilities in Some ZTE Mobile Internet Products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2023-25643",
        "datePublished": "2023-12-14T07:19:08.757Z",
        "dateReserved": "2023-02-09T19:47:48.022Z",
        "dateUpdated": "2024-08-28T14:10:23.264Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25642 (GCVE-0-2023-25642)

    Vulnerability from cvelistv5 – Published: 2023-12-14 07:17 – Updated: 2024-08-02 11:25
    VLAI
    Title
    Two Vulnerabilities in Some ZTE Mobile Internet Products
    Summary
    There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack. 
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE MC801A Affected: MC801A_Elisa3_B19 , ≤ B19 (B19)
    Create a notification for this product.
    ZTE MC801A1 Affected: MC801A1_Elisa1_B04 , ≤ B04 (B04)
    Create a notification for this product.
    Date Public
    2023-08-24 07:09
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "MC801A",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "B19",
                  "status": "affected",
                  "version": "MC801A_Elisa3_B19",
                  "versionType": "B19"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MC801A1",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "B04",
                  "status": "affected",
                  "version": "MC801A1_Elisa1_B04",
                  "versionType": "B04"
                }
              ]
            }
          ],
          "datePublic": "2023-08-24T07:09:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThere is a buffer overflow vulnerability in some ZTE\u0026nbsp;mobile internet\u0026nbsp;producsts. Due to insufficient validation of tcp port parameter,\u0026nbsp;an authenticated attacker could use the vulnerability to perform a denial of service attack.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nThere is a buffer overflow vulnerability in some ZTE\u00a0mobile internet\u00a0producsts. Due to insufficient validation of tcp port parameter,\u00a0an authenticated attacker could use the vulnerability to perform a denial of service attack.\u00a0\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-14T07:17:08.945Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMC801A_Elisa3_B22,\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMC801A1_Elisa1_B06\u003c/span\u003e\n\n\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "\nMC801A_Elisa3_B22,\u00a0\n\nMC801A1_Elisa1_B06\n\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Two Vulnerabilities in Some ZTE Mobile Internet Products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2023-25642",
        "datePublished": "2023-12-14T07:17:08.945Z",
        "dateReserved": "2023-02-09T19:47:48.021Z",
        "dateUpdated": "2024-08-02T11:25:19.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }