CVE-2019-3412 — CRITICAL (9.8)

Q: How severe is CVE-2019-3412?

CVE-2019-3412 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-3412?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Mf920 Firmware, Zte Mf920.

Vulnerability Description

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zte	Mf920 Firmware	< bd_r218v2.4
Zte	Mf920	-

Related Weaknesses (CWE)

CWE-78

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686Vendor Advisory
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686Vendor Advisory

FAQ

What is CVE-2019-3412?

CVE-2019-3412 is a vulnerability with a CVSS score of 9.8 (CRITICAL). All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary comma...

How severe is CVE-2019-3412?

CVE-2019-3412 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-3412?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Mf920 Firmware, Zte Mf920.