If you need to feedback or report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT:, PGP key ID: FF095577. with EC25-AF LTE Modem better WIFI than T2 and Hotspot Unlocked ZTE MF65 Router Modem. Thanks to Cyber Security Philippines CERT - Red Team and security researcher Markclancys for reporting the security vulnerabilities to ZTE PSIRT.Ģ7 September 201 8, CVE ID assigned and Statement updated.
#EBAY ZTE MF65 CODE#
Due to incomplete input validation, the attacker can cause damage to device s by embedding malicious JS code in the URL link.Īs ZTE MF65 was end of service in August 2016, and MF65M1 was also end of service in September, 2017, ZTE strongly recommend users to replace with newer UFI products for the purpose of better security. Through the analysis of related product team s, the script injection vulnerabilit ies confirmed in V1.0 versions of both MF65 and MF65M1 products. For example you can remotely control WiFi on or off, check the battery level and. With ZTE Mobile WiFi app, it is very easy to manage ZTE MF65+ 3G Mifi.
The OLED display shows the signal type, signal strength, battery status, Wi-Fi mode and more. S ecurity researcher Markclancys also reported a reflected cross-site scripting vulnerability of MF65M1 V1.0.0B02 to ZTE PSIRT in August 2018. The ZTE MF65+ 3G Mifi is supplied in a white version, and has an impressive industrial design. Statement of Vulnerabilities in ZTE MF65 and MF65M1Ĥ.6 Medium (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)Ĭyber Security Philippines CERT - Red Team reported two script injection vulnerabilit ies of MF65 V1.0.0B05 to ZTE PSIRT in July 2018.