Proof of concept of the SQL injection vulnerability affecting the ZTE MF286R router.
CVE-2022-39066 Firmware details: wa_inner_version: BD_POSTEMF286RMODULEV100B12 cr_version: CR_ITPOSTEMF286RV100B10 Prerequisites requests (pip install requests) SQL injection The vulnerability is a SQL injection present in the handler PHONE_BLOCK_ADD in the webserver goahead binary Possible exploits: delete any record in any datab