CVE-2025-66315
Unknown
Unknown - Not Provided
Improper Directory Permissions in ZTE MF258K Pro Allows Write Access
Publication date: 2026-01-09
Last updated on: 2026-03-12
Assigner: ZTE Corporation
Description
Description
There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zte | mf258k_pro_firmware | zte_mf258kpro_play_v1.0.0b03 |
| zte | mf258k_pro_firmware | zte_mf258pro_std_v1.0.0b04 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a configuration defect in the version server of ZTE MF258K Pro products. It arises from improper directory permission settings that allow an attacker to gain write permissions in a specific directory.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can write to a specific directory on the affected device, which may lead to denial of service or other disruptions, although it does not directly impact confidentiality or integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70