Filtered by vendor Zte
Subscribe
Total
156 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3428 | 1 Zte | 2 Zxcdn Iamweb, Zxcdn Iamweb Firmware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage. | |||||
CVE-2019-3420 | 1 Zte | 2 Zxhn H108n, Zxhn H108n Firmware | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations. | |||||
CVE-2019-3415 | 1 Zte | 2 Zxmw Nr8000, Zxmw Nr8000 Firmware | 2024-02-28 | 2.7 LOW | 5.7 MEDIUM |
ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal,users can download any files. | |||||
CVE-2019-3411 | 1 Zte | 2 Mf920, Mf920 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components. | |||||
CVE-2019-3417 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system. | |||||
CVE-2019-3413 | 1 Zte | 2 Netnumen Dap, Netnumen Dap Firmware | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked. | |||||
CVE-2019-3418 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts. | |||||
CVE-2019-3409 | 1 Zte | 2 Wf820\+ Lte Outdoor Cpe, Wf820\+ Lte Outdoor Cpe Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Due to inadequate parameter verification, unauthorized users can take advantage of this vulnerability to control the user terminal system. | |||||
CVE-2019-3414 | 1 Zte | 2 Otcp, Otcp Firmware | 2024-02-28 | 2.3 LOW | 4.8 MEDIUM |
All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front end does not process the returned result from the interface properly, the malicious script may be executed and the user cookie or other important information may be stolen. | |||||
CVE-2019-3412 | 1 Zte | 2 Mf920, Mf920 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces. | |||||
CVE-2019-3410 | 1 Zte | 2 Wf820\+ Lte Outdoor Cpe, Wf820\+ Lte Outdoor Cpe Firmware | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted users. An attacker can exploit this vulnerability to send unexpected requests to the server through the affected client. | |||||
CVE-2018-7358 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-02-28 | 5.8 MEDIUM | 8.8 HIGH |
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. | |||||
CVE-2018-7362 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router. | |||||
CVE-2018-7355 | 1 Zte | 4 Mf65, Mf65 Firmware, Mf65m1 and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices. | |||||
CVE-2018-7364 | 1 Zte | 1 Zxin10 | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges. | |||||
CVE-2018-7356 | 1 Zte | 2 Zxr10 8905e, Zxr10 8905e Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections. | |||||
CVE-2018-7361 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service. | |||||
CVE-2018-7357 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-02-28 | 3.3 LOW | 8.8 HIGH |
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. | |||||
CVE-2017-10937 | 1 Zte | 2 Zxiptv-ucm, Zxiptv-ucm Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information. | |||||
CVE-2018-7359 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. |