There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zte mf833u1_firmware bd_mf833u1v1.0.0b01 |
||
zte mf286r_firmware cr_lvwrgbmf286rv1.0.0b04 |