Command Injection Vulnerability in ZTE Mobile Internet Products

CVE-2023-25643 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.

Learn more about our Mobile App Penetration Testing.