Filtered by vendor Zte
Subscribe
Total
156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22067 | 1 Zte | 2 Nh8091, Nh8091 Firmware | 2024-11-20 | N/A | 8.8 HIGH |
| ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands. | |||||
| CVE-2024-22066 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2024-11-08 | N/A | 6.5 MEDIUM |
| There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device. | |||||
| CVE-2024-10119 | 1 Zte | 2 Wrtm326, Wrtm326 Firmware | 2024-11-01 | N/A | 9.8 CRITICAL |
| The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests. | |||||
| CVE-2022-39068 | 1 Zte | 2 Mf296r, Mf296r Firmware | 2024-09-29 | N/A | 6.5 MEDIUM |
| There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack. | |||||
| CVE-2024-22069 | 1 Zte | 4 Zxv10 Et301, Zxv10 Et301 Firmware, Zxv10 Xt802 and 1 more | 2024-08-20 | N/A | 8.8 HIGH |
| There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords. | |||||
| CVE-2020-12695 | 21 Asus, Broadcom, Canon and 18 more | 217 Rt-n11, Adsl, Selphy Cp1200 and 214 more | 2024-04-08 | 7.8 HIGH | 7.5 HIGH |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |||||
| CVE-2023-41779 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-02-28 | N/A | 5.5 MEDIUM |
| There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed. | |||||
| CVE-2023-41780 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-02-28 | N/A | 7.8 HIGH |
| There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. | |||||
| CVE-2023-25643 | 1 Zte | 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more | 2024-02-28 | N/A | 8.8 HIGH |
| There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands. | |||||
| CVE-2023-25644 | 1 Zte | 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
| There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack. | |||||
| CVE-2023-25642 | 1 Zte | 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack. | |||||
| CVE-2023-25650 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-02-28 | N/A | 6.5 MEDIUM |
| There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads. | |||||
| CVE-2023-25648 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-02-28 | N/A | 7.8 HIGH |
| There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges. | |||||
| CVE-2023-41776 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-02-28 | N/A | 7.8 HIGH |
| There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. | |||||
| CVE-2023-25651 | 1 Zte | 4 Mf286r, Mf286r Firmware, Mf833u1 and 1 more | 2024-02-28 | N/A | 8.0 HIGH |
| There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak. | |||||
| CVE-2023-41783 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-02-28 | N/A | 7.8 HIGH |
| There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. | |||||
| CVE-2023-41781 | 1 Zte | 2 Mf258, Mf258 Firmware | 2024-02-28 | N/A | 6.1 MEDIUM |
| There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered. | |||||
| CVE-2023-41782 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-02-28 | N/A | 4.8 MEDIUM |
| There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. | |||||
| CVE-2023-25649 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. | |||||
| CVE-2023-25647 | 1 Zte | 8 Axon 30, Axon 30 Firmware, Axon 40 Pro and 5 more | 2024-02-28 | N/A | 3.3 LOW |
| There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event. | |||||