Vulnerability in Mf286r

CVE-2022-39066

There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could exploit the vulnerability to inject arbitrary SQL.

EPSS: 0.511 (97.9th percentile)

Affected products

  • N/a Mf286r — versions Nordic_MF286R_B06

Frequently asked questions

What is CVE-2022-39066?
CVE-2022-39066 is a vulnerability in Mf286r. Published 2022-11-22.

Is CVE-2022-39066 known to be exploited?
6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.