Published: 26/09/2018 Updated: 10/01/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zte mf65_firmware
zte mf65m1_firmware

# Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 # Date: 01/09/2019 # Exploit Author: Nathu Nandwani # Website: nandtechco/ # Vendor Homepage: supportztecomcn/support/news/LoopholeInfoDetailaspx?newsId=1009483 # Version: BD_HDV6MF65V100B05 # Tested on: Windows 10 x64 # CVE: CVE-2018-7355 *Description The Mobile Hot ...

ZTE MF65 BD_HDV6MF65V100B05 suffers from a cross site scripting vulnerability ...

CWE-79 http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 https://www.exploit-db.com/exploits/46102/https://nvd.nist.gov https://www.exploit-db.com/exploits/46102

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-7355

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect