CVE-2025-66315
HIGH WAF: Low
CVSS 8.8
Published: 2026-01-09
CWE-269 CWE-863
There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| zte | mf258k_pro_firmware | zte_mf258kpro_play_v1.0.0b03 |
| zte | mf258k_pro_firmware | zte_mf258pro_std_v1.0.0b04 |
References
- support.zte.com.cn (Vendor Advisory)