Two Vulnerabilities in ZTE WF820+ LTE Outdoor CPE Product

Original release date: 28 May 2019

CVE ID
CVE-2019-3409
CVE-2019-3410

CVSS 3.0 Base Score
CVE-2019-3409: 9.0 Critical (AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVE-2019-3410: 4.6 Medium (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)

Description
CVE-2019-3409: All versions up to UKBB_WF820+_1.0.0B06 of the ZTE WF820+ LTE Outdoor CPE product are impacted by a command injection vulnerability. Unauthorized users can control the user terminal system.
CVE-2019-3410: All versions up to UKBB_WF820+_1.0.0B06 of the ZTE WF820+ LTE Outdoor CPE product are impacted by a Cross-Site Request Forgery vulnerability. An attacker can exploit this to send unexpected requests to the server.

Affected Products and Fixes

Credit
Submitted by Roman Mironov at SEC-1 to ZTE PSIRT.

Update Records
28 May 2019: Initial release.

Supporting Team Contacts
ZTE GCSC hotline: 0755-26770800, 800-830-1118, 400-830-1118
Product forum at ZTE Support website.
ZTE PSIRT Contact: psirt@zte.com.cn, PGP key ID: FF095577.