CVE-2023-25644: CWE-755 Improper Handling of Exceptional Conditions in ZTE MC801A
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of a Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.
AI Analysis
Technical Summary
CVE-2023-25644 is a denial of service (DoS) vulnerability identified in the ZTE MC801A mobile internet product, specifically in firmware version MC801A_Elisa3_B19. The root cause is improper handling of exceptional conditions (CWE-755): parameters passed through the device's web interface are insufficiently validated, so malformed input reaches code that cannot cope with it. An attacker on an adjacent network can trigger the flaw without authentication or user interaction by sending specially crafted requests to the web interface. The result is a denial of service condition in which the device becomes unresponsive or crashes, disrupting network connectivity for every user relying on it. The vulnerability has a CVSS 3.1 base score of 6.5 (medium severity). The attack vector is adjacent network (AV:A), meaning the attacker must be on the same local network or connected to the device's network segment. No privileges and no user interaction are required, and the impact is on availability only, with no confidentiality or integrity impact. No public exploits are currently known, and no patches had been published at the time of this report. The vulnerability was reserved in early 2023 and published in December 2023. Because the device is a mobile internet gateway, exploitation could cut off internet access for end users or enterprise environments that depend on it for connectivity.
Potential Impact
For European organizations, the impact of this vulnerability could be significant wherever ZTE MC801A devices are deployed as primary or backup mobile internet gateways. Disruption of these devices could cause loss of internet connectivity, affecting business operations, communications, and access to cloud services. This is particularly critical for remote offices, mobile workforce connectivity, or IoT deployments that depend on stable mobile internet access. Although the vulnerability does not compromise data confidentiality or integrity, the availability impact could cause operational downtime and productivity loss. Critical infrastructure sectors that rely on mobile internet for redundancy or failover could also face service interruptions. The medium severity rating indicates moderate risk, but exploitation without authentication or user interaction increases the likelihood of opportunistic attacks, especially in shared or public network environments where an attacker can reach the device's network segment.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should first identify any deployed ZTE MC801A devices, particularly those running the affected firmware version MC801A_Elisa3_B19. Network segmentation should be used to restrict access to the device's web interface to trusted management networks only. Firewall rules that block access to the management interface from untrusted or public networks are essential, since the attack only requires adjacency to the device. Monitoring network traffic for unusual or malformed requests targeting the web interface can help detect exploitation attempts. Organizations should engage with ZTE or their vendors to obtain firmware updates or patches as soon as they become available. Until a patch is available, consider disabling the web management interface if operationally feasible, or restricting it to access over a secure VPN. Regularly auditing device configurations and applying security best practices for IoT and network devices will reduce exposure. Finally, incident response plans should include procedures for rapid device replacement or network rerouting in case of a successful DoS attack.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: zte
- Date Reserved: 2023-02-09T19:47:48.022Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682f67ff0acd01a249264598
Added to database: 5/22/2025, 6:07:59 PM
Last enriched: 7/8/2025, 8:40:54 AM
Last updated: 8/17/2025, 10:07:21 PM