Filtered by vendor Zte
Subscribe
Total
156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7358 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. | |||||
| CVE-2018-7357 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. | |||||
| CVE-2018-7356 | 1 Zte | 2 Zxr10 8905e, Zxr10 8905e Firmware | 2024-11-21 | 5.0 MEDIUM | 5.6 MEDIUM |
| All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections. | |||||
| CVE-2018-7355 | 1 Zte | 4 Mf65, Mf65 Firmware, Mf65m1 and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices. | |||||
| CVE-2017-3216 | 5 Greenpacket, Huawei, Mada and 2 more | 28 Ox350, Ox350 Firmware, Bm2022 and 25 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. | |||||
| CVE-2017-16953 | 1 Zte | 2 Zxdsl 831cii, Zxdsl 831cii Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. | |||||
| CVE-2017-10937 | 1 Zte | 2 Zxiptv-ucm, Zxiptv-ucm Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information. | |||||
| CVE-2017-10936 | 1 Zte | 2 Zxcdn-sns, Zxcdn-sns Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information. | |||||
| CVE-2017-10935 | 1 Zte | 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
| All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password. | |||||
| CVE-2017-10934 | 1 Zte | 2 Zxiptv-epg, Zxiptv-epg Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. | |||||
| CVE-2017-10933 | 1 Zte | 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. | |||||
| CVE-2017-10932 | 1 Zte | 12 Nr8000tr, Nr8000tr Firmware, Nr8120 and 9 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. | |||||
| CVE-2017-10931 | 1 Zte | 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. | |||||
| CVE-2017-10930 | 1 Zte | 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. | |||||
| CVE-2015-8703 | 1 Zte | 4 Zxhn H108n R1a, Zxhn H108n R1a Firmware, Zxv10 W300 and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248. | |||||
| CVE-2015-7259 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. | |||||
| CVE-2015-7258 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | |||||
| CVE-2015-7257 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
| ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". | |||||
| CVE-2015-7255 | 1 Zte | 12 Gan9.8t101a-b, Gan9.8t101a-b Firmware, Hg110 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. | |||||
| CVE-2015-7252 | 1 Zte | 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter. | |||||