Vulnerabilities (CVE)

Filtered by vendor Zte Subscribe
Total 156 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21731 1 Zte 2 Zxcloud Irai, Zxcloud Irai Firmware 2024-02-28 5.8 MEDIUM 8.1 HIGH
A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04
CVE-2021-21728 1 Zte 2 Zxa10 C300m, Zxa10 C300m Firmware 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8.
CVE-2021-21732 1 Zte 2 Axon 11 5g, Axon 11 5g Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authorization. Attackers could exploit this vulnerability to obtain sensitive information. This affects Axon 11 5G ZTE/CN_P725A12/P725A12:10/QKQ1.200816.002/20201116.175317:user/release-keys.
CVE-2021-21726 1 Zte 6 Zxone 19700, Zxone 19700 Firmware, Zxone 8700 and 3 more 2024-02-28 2.1 LOW 2.3 LOW
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>
CVE-2020-6881 1 Zte 6 Zxhn E8810, Zxhn E8810 Firmware, Zxhn E8820 and 3 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, which will cause the device to deny service. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>
CVE-2021-21725 1 Zte 2 Zxhn H196q, Zxhn H196q Firmware 2024-02-28 2.7 LOW 5.7 MEDIUM
A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.
CVE-2021-21723 1 Zte 10 Zxr10 9904, Zxr10 9904-s, Zxr10 9904-s Firmware and 7 more 2024-02-28 4.3 MEDIUM 7.5 HIGH
Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.
CVE-2020-6875 1 Zte 2 Zxone 19700 Snpe, Zxone 19700 Snpe Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE>
CVE-2020-6877 1 Zte 2 Zxa10 Eodn, Zxa10 Eodn Firmware 2024-02-28 4.0 MEDIUM 8.8 HIGH
A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1
CVE-2020-6880 1 Zte 2 Zxv10 W908, Zxv10 W908 Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.
CVE-2021-21722 1 Zte 2 Zxv10 B860a, Zxv10 B860a Firmware 2024-02-28 2.1 LOW 4.4 MEDIUM
A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.
CVE-2020-6876 1 Zte 1 Evdc 2024-02-28 3.5 LOW 5.4 MEDIUM
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04
CVE-2020-6879 1 Zte 4 Zxhn F670l, Zxhn F670l Firmware, Zxhn Z500 and 1 more 2024-02-28 2.7 LOW 3.5 LOW
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.
CVE-2021-21724 1 Zte 2 Zxr10 8900e, Zxr10 8900e Firmware 2024-02-28 2.1 LOW 4.4 MEDIUM
A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1.
CVE-2020-6882 1 Zte 6 Zxhn E8810, Zxhn E8810 Firmware, Zxhn E8820 and 3 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>
CVE-2020-6870 1 Zte 2 Netnumen U31 R10, Netnumen U31 R10 Firmware 2024-02-28 5.2 MEDIUM 8.0 HIGH
The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115
CVE-2020-6869 1 Zte 1 Ztemarket Apk 2024-02-28 5.5 MEDIUM 8.1 HIGH
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation.
CVE-2020-6873 1 Zte 2 Zxr10 2800-4 Almpufb\(low\), Zxr10 2800-4 Almpufb\(low\) Firmware 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cause the equipment WEB/TELNET module denial of service and make the equipment be out of management. This affects: ZXR10 2800-4_ALMPUFB(LOW), all versions up to V3.00.40.
CVE-2020-6866 1 Zte 2 Zxctn 6500, Zxctn 6500 Firmware 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
A ZTE product is impacted by a resource management error vulnerability. An attacker could exploit this vulnerability to cause a denial of service by issuing a specific command. This affects: ZXCTN 6500 version V2.10.00R3B87.
CVE-2020-6865 1 Zte 1 Oscp 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20.