Filtered by vendor Zte
Subscribe
Total
173 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3418 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2023-03-02 | 3.5 LOW | 5.4 MEDIUM |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts. | |||||
| CVE-2018-7364 | 1 Zte | 1 Zxin10 | 2023-03-01 | 10.0 HIGH | 9.8 CRITICAL |
| All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges. | |||||
| CVE-2022-23141 | 1 Zte | 2 Zxmp M721, Zxmp M721 Firmware | 2022-07-22 | N/A | 7.5 HIGH |
| ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information. | |||||
| CVE-2021-21730 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2022-07-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6 | |||||
| CVE-2021-21722 | 1 Zte | 2 Zxv10 B860a, Zxv10 B860a Firmware | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
| A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom. | |||||
| CVE-2020-6867 | 1 Zte | 1 Zenic One R22b | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005. | |||||
| CVE-2021-21745 | 1 Zte | 2 Mf971r, Mf971r Firmware | 2022-06-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click. | |||||
| CVE-2021-21732 | 1 Zte | 2 Axon 11 5g, Axon 11 5g Firmware | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authorization. Attackers could exploit this vulnerability to obtain sensitive information. This affects Axon 11 5G ZTE/CN_P725A12/P725A12:10/QKQ1.200816.002/20201116.175317:user/release-keys. | |||||
| CVE-2021-21729 | 1 Zte | 4 Zxhn H108n, Zxhn H108n Firmware, Zxhn H168n and 1 more | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1 | |||||
| CVE-2022-23138 | 1 Zte | 2 Mf297d, Mf297d Firmware | 2022-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack. | |||||
| CVE-2022-23139 | 1 Zte | 2 Zxmp M721, Zxmp M721 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files. | |||||
| CVE-2022-23137 | 1 Zte | 2 Zxcdn, Zxcdn Firmware | 2022-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered. | |||||
| CVE-2020-6862 | 1 Zte | 2 F6x2w, F6x2w Firmware | 2022-04-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code. | |||||
| CVE-2019-3411 | 1 Zte | 2 Mf920, Mf920 Firmware | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components. | |||||
| CVE-2022-23136 | 1 Zte | 2 Zxhn F680, Zxhn F680 Firmware | 2022-04-07 | 3.5 LOW | 5.4 MEDIUM |
| There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page. | |||||
| CVE-2019-3428 | 1 Zte | 2 Zxcdn Iamweb, Zxcdn Iamweb Firmware | 2022-03-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage. | |||||
| CVE-2019-3420 | 1 Zte | 2 Zxhn H108n, Zxhn H108n Firmware | 2022-03-31 | 3.3 LOW | 6.5 MEDIUM |
| All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations. | |||||
| CVE-2022-23135 | 1 Zte | 4 Zxhn F477, Zxhn F477 Firmware, Zxhn F677 and 1 more | 2022-03-08 | 5.5 MEDIUM | 6.5 MEDIUM |
| There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation. | |||||
| CVE-2021-21750 | 1 Zte | 1 Zxin10 Cms | 2022-01-12 | 4.6 MEDIUM | 7.8 HIGH |
| ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access. | |||||
| CVE-2021-21749 | 1 Zte | 2 Mf971r, Mf971r Firmware | 2021-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code. | |||||