All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces.

Related CVEs

CVE-2019-3412

Key Information

GHSA ID

GHSA-cf37-hf6f-gwfg

Published

May 24, 2022 4:47 PM

Last Modified

April 4, 2024 12:55 AM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.