Buffer Overflow Vulnerability in ZTE MF286R

Initial Release Date: November 21, 2022

 

Vulnerability ID

CVE ID: CVE-2022-39067

CNNVD ID: CNNVD-2022-33330902

 

CVSS 3.1 Base Score 

4.5 Medium

Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

 

Description 

There is a buffer overflow vulnerability in ZTE MF286R. Due to a lack of input validation on parameters of the Wi-Fi interface, an authenticated attacker could exploit the vulnerability to perform a denial-of-service attack.

 

Affected Products and Fixes

Product Name | Affected Version | Resolved Version
MF286R | Nordic_MF286R_B06 | Nordic_MF286R_B07

 

Acknowledgement

ZTE thanks Andrea Maugeri for paying attention to our products and cooperating with us to disclose vulnerabilities.

 

Update Records

November 21, 2022, initial.

 

Version Update Method

A device that supports automatic updates will receive a pop-up update message; follow it to upgrade the device. If no update message is received, contact your service provider to obtain the update information.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html