Mf258k Pro Firmware
CVE-2025-66315
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory.
AnalysisAI
Mf258K Pro Firmware versions up to zte_mf258kpro_play_v1.0.0b03 is affected by improper privilege management (CVSS 4.3).
Technical ContextAI
This vulnerability (CWE-269: Improper Privilege Management) affects Mf258K Pro Firmware. There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Mf258k Pro Firmware
View allSame weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today