Vulnerabilities (CVE)

Filtered by vendor Zte Subscribe
Filtered by product Zxhn F670
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-3417 1 Zte 2 Zxhn F670, Zxhn F670 Firmware 2024-02-28 9.0 HIGH 8.8 HIGH
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system.
CVE-2019-3418 1 Zte 2 Zxhn F670, Zxhn F670 Firmware 2024-02-28 3.5 LOW 5.4 MEDIUM
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts.
CVE-2018-7362 1 Zte 2 Zxhn F670, Zxhn F670 Firmware 2024-02-28 9.0 HIGH 8.8 HIGH
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router.
CVE-2018-7361 1 Zte 2 Zxhn F670, Zxhn F670 Firmware 2024-02-28 3.3 LOW 6.5 MEDIUM
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service.
CVE-2018-7359 1 Zte 2 Zxhn F670, Zxhn F670 Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.
CVE-2018-7360 1 Zte 2 Zxhn F670, Zxhn F670 Firmware 2024-02-28 3.3 LOW 6.5 MEDIUM
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service.
CVE-2018-7363 1 Zte 2 Zxhn F670, Zxhn F670 Firmware 2024-02-28 3.3 LOW 8.8 HIGH
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.