CVE-2023-25642

Published: Dec 14, 2023Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack.

Affected (2)

Products: Zte: Mc801a Firmware, Mc801a1 Firmware

Zte

2 products

Mc801a Firmware

Mc801a1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Mc801a Firmware	Version mc801a_elisa3_b19

Running on/with	Platform Versions
Zte Mc801a	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Mc801a1 Firmware	Version mc801a1_elisa1_b04

Running on/with	Platform Versions
Zte Mc801a1	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504

Source: psirt@zte.com.cn

Vendor Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.