CVE-2024-22065 MEDIUM

CVE-2024-22065: ZTE MF258 Pro product has a OS Command injection vulnerability

Vendor Zte

Product MF258 Pro

Weakness CWE-20 · Input validation

Published October 29, 2024

Last update October 29, 2024

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Adjacent

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

Key dates

02Disclosure timeline

October 29, 2024 CVE published

October 29, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-22065

Related vulnerabilities

CVE-2024-22065: ZTE MF258 Pro product has a OS Command injection vulnerability

01Description

02Disclosure timeline

03References

04Related CVE