PT-2018-18042 · Zte · Zte Mf65+1

Nathu Nandwani

Published

2018-09-26

Updated

2019-01-10

CVE-2018-7355

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions ZTE MF65 versions prior to V1.0.0B05 ZTE MF65M1 versions prior to V1.0.0B02

Description The issue is related to cross-site scripting due to improper neutralization of input during web page generation. This could allow an attacker to conduct reflected XSS or HTML injection attacks on the devices.

Recommendations For ZTE MF65 versions prior to V1.0.0B05, update to version V1.0.0B05 or later to resolve the issue. For ZTE MF65M1 versions prior to V1.0.0B02, update to version V1.0.0B02 or later to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-7355

Affected Products

Zte Mf65

Zte Mf65M1

PT-2018-18042 · Zte · Zte Mf65+1

CVE-2018-7355

Weakness Enumeration

Related Identifiers

Affected Products

References · 4