Buffer Overflow Vulnerability in ZTE MF296R Initial Release Date: January 19, 2023 Vulnerability ID: CVE ID: CVE-2022-39068 CNNVD ID: CNNVD-2023-40815344 CVSS 3.1 Base Score: 4.5 (Medium) Description: There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack. Affected Products and Fixes: Acknowledgement: ZTE thanks Daniel Wong for paying attention to our products and cooperating with us to disclose vulnerabilities. Update Records: January 19, 2023: Initial update. Version Update Method: A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information. Global Customer Support Center: Website: ZTE PSIRT: Website: [Close]