MidnightBSD

Advisories for zte

CVE-2012-2949 HIGH

The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
zte score_m -
CVE-2014-0329 HIGH

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
zte zxv10_w300 2.1.0
CVE-2014-2321 HIGH

web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
zte f460 -
zte f660 -
CVE-2014-4018 HIGH

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
zte zxv10_w300 -
zte zxv10_w300_firmware 1.0.0a_zrd_lk
CVE-2014-4019 MEDIUM

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
zte zxv10_w300_firmware w300v1.0.0a_zrd_lk
CVE-2014-4154 MEDIUM

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
zte zxv10_w300 -
zte zxv10_w300_firmware 1.0.0a_zrd_lk
CVE-2014-4155 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
zte zxv10_w300 -
zte zxv10_w300_firmware 1.0.0a_zrd_lk
CVE-2014-8493 MEDIUM

ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
zte zxhn_h108l_firmware 4.0.0d_zrq_gr4
CVE-2014-9019 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
zte zxdsl 831cii
CVE-2014-9020 MEDIUM

Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte zxdsl_831 -
zte zxdsl_831cii -
CVE-2014-9183 HIGH

ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
zte zxdsl 831cii
CVE-2014-9184 MEDIUM

ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
zte zxdsl 831cii
CVE-2015-7248 MEDIUM

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
zte zxhn_h108n_r1a_firmware *
CVE-2015-7249 MEDIUM

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
zte zxhn_h108n_r1a_firmware *
CVE-2015-7250 HIGH

Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
zte zxhn_h108n_r1a_firmware *
CVE-2015-7251 HIGH

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
zte zxhn_h108n_r1a_firmware *
CVE-2015-7252 MEDIUM

Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte zxhn_h108n_r1a_firmware *
CVE-2015-7255 MEDIUM

ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
zte zxhn_h108n_firmware -
zte hg110_firmware -
zte mf28g_firmware -
zte ox-330p_firmware -
zte w300v1.0.0s_zrd_tr1_d68_firmware -
zte gan9.8t101a-b_firmware -
CVE-2015-7257 HIGH

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".

CVSS 2.0

Severity: HIGH

Problem Type: CWE-640,

Products Affected

Vendor Product Version
zte zxv10_w300_firmware w300v2.1.0f_er7_pe_o57
zte zxv10_w300_firmware w300v2.1.0h_er7_pe_o57
CVE-2015-7258 HIGH

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
zte zxv10_w300_firmware w300v2.1.0f_er7_pe_o57
zte zxv10_w300_firmware w300v2.1.0h_er7_pe_o57
CVE-2015-7259 HIGH

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
zte zxv10_w300_firmware w300v2.1.0f_er7_pe_o57
zte zxv10_w300_firmware w300v2.1.0h_er7_pe_o57
CVE-2015-8703 MEDIUM

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
zte zxhn_h108n_r1a_firmware *
zte zxv10_w300_firmware *
CVE-2017-10930 MEDIUM

The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-552,

Products Affected

Vendor Product Version
zte zxr10_1800-2s_firmware *
zte zxr10_2800-4_firmware *
zte zxr10_3800-8_firmware *
zte zxr10_160_firmware *
CVE-2017-10931 MEDIUM

The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
zte zxr10_1800-2s_firmware *
zte zxr10_2800-4_firmware *
zte zxr10_3800-8_firmware *
zte zxr10_160_firmware *
CVE-2017-10932 HIGH

All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
zte nr8000tr_firmware -
zte nr8150_firmware -
zte nr8120a_firmware -
zte nr8250_firmware *
zte nr8000tr_firmware *
zte nr8950_firmware *
zte nr8120a_firmware *
zte nr8150_firmware *
zte nr8120_firmware *
zte nr8250_firmware -
zte nr8950_firmware -
zte nr8120_firmware -
CVE-2017-10933 MEDIUM

All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
zte zxdt22_sf01_firmware *
CVE-2017-10934 HIGH

All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
zte zxiptv-epg_firmware *
CVE-2017-10935 MEDIUM

All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte zxr10_1800-2s_firmware *
CVE-2017-10936 MEDIUM

SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
zte zxcdn-sns_firmware *
CVE-2017-10937 MEDIUM

SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
zte zxiptv-ucm_firmware *
CVE-2017-16953 MEDIUM

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
zte zxdsl_831cii_firmware -
CVE-2017-3216 HIGH

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
zyxel max308m_fimware -
huawei bm2022_firmware -
huawei hes-319m_firmware -
huawei hes-309m_firmware -
mada soho_wireless_router_firmware -
zyxel max218m1w_firmware -
zyxel max318m_firmware -
huawei hes-319m2w_firmware -
zyxel max218mw_firmware -
zte ox-330p_firmware -
zyxel max218m_firmware -
zyxel max338m_firmware -
huawei hes-339m_firmware -
greenpacket ox350_firmware -
CVE-2018-7355 MEDIUM

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte mf65_firmware *
zte mf65m1_firmware *
CVE-2018-7356 MEDIUM

All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-294,

Products Affected

Vendor Product Version
zte zxr10_8905e_firmware *
CVE-2018-7357 LOW

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.

CVSS 2.0

Severity: LOW

Problem Type: CWE-306,

Products Affected

Vendor Product Version
zte zxhn_h168n_firmware 2.2.0_pk1.2t5
zte zxhn_h168n_firmware 2.2.0_pk11t7
zte zxhn_h168n_firmware 2.2.0_pk1.2t2
zte zxhn_h168n_firmware 2.2.0_pk11t
CVE-2018-7358 MEDIUM

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
zte zxhn_h168n_firmware 2.2.0_pk1.2t5
zte zxhn_h168n_firmware 2.2.0_pk11t7
zte zxhn_h168n_firmware 2.2.0_pk1.2t2
zte zxhn_h168n_firmware 2.2.0_pk11t
CVE-2018-7359 HIGH

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
zte zxhn_f670_firmware *
CVE-2018-7360 LOW

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
zte zxhn_f670_firmware *
CVE-2018-7361 LOW

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service.

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
zte zxhn_f670_firmware *
CVE-2018-7362 HIGH

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
zte zxhn_f670_firmware *
CVE-2018-7363 LOW

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.

CVSS 2.0

Severity: LOW

Problem Type: CWE-863,

Products Affected

Vendor Product Version
zte zxhn_f670_firmware *
CVE-2018-7364 HIGH

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
zte zxin10 *
CVE-2018-7365 MEDIUM

All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,CWE-426,

Products Affected

Vendor Product Version
zte zxcloud_irai *
zte usmartview -
CVE-2018-7366 MEDIUM

ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
zte zxv10_b860av2.1_chinamobile_firmware *
CVE-2019-3409 MEDIUM

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Due to inadequate parameter verification, unauthorized users can take advantage of this vulnerability to control the user terminal system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
zte wf820+_lte_outdoor_cpe_firmware *
CVE-2019-3410 MEDIUM

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted users. An attacker can exploit this vulnerability to send unexpected requests to the server through the affected client.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
zte wf820+_lte_outdoor_cpe_firmware *
CVE-2019-3411 MEDIUM

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
zte mf920_firmware *
CVE-2019-3412 HIGH

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
zte mf920_firmware *
CVE-2019-3413 LOW

All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte netnumen_dap_firmware *
CVE-2019-3414 LOW

All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front end does not process the returned result from the interface properly, the malicious script may be executed and the user cookie or other important information may be stolen.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte otcp_firmware *
CVE-2019-3415 LOW

ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal,users can download any files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
zte zxmw_nr8000_firmware 2.4.4.03
zte zxmw_nr8000_firmware 2.4.4.04
CVE-2019-3416 HIGH

All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
zte zxv10_b860a_firmware *
CVE-2019-3417 HIGH

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
zte zxhn_f670_firmware *
CVE-2019-3418 LOW

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte zxhn_f670_firmware *
CVE-2019-3419 LOW

A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte zxmp_m721_dx_firmware zxmp_m721v3.10p01b10_m2ncp
CVE-2019-3420 LOW

All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte zxhn_h108n_firmware *
CVE-2019-3422 LOW

The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
zte mf910s_firmware -
CVE-2019-3425 HIGH

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
zte zxupn-9000e_firmware *
CVE-2019-3426 HIGH

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
zte zxupn-9000e_firmware *
CVE-2019-3427 MEDIUM

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users’ information leakage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
zte zxcdn_iamweb_firmware 6.01.03.01
CVE-2019-3428 MEDIUM

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte zxcdn_iamweb_firmware 6.01.03.01
CVE-2019-3429 MEDIUM

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
zte zxcloud_goldendata_vap *
CVE-2019-3430 MEDIUM

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte zxcloud_goldendata_vap *
CVE-2019-3431 MEDIUM

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,CWE-522,

Products Affected

Vendor Product Version
zte zxcloud_goldendata_vap *
CVE-2020-12695 HIGH

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H 2.2 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
epson xp-2101 -
hp hp_envy_4520_f0v69a -
epson xp-8600 -
hp hp_envy_4524_k9t01a -
hp envy_5000_z4a54a -
hp envy_6020_5se16b -
hp hp_deskjet_ink_advantage_4675_f1h97a -
hp envy_100_cn517b -
hp envy_4520_f0v63a -
hp envy_photo_7164_k7g99a -
hp envy_7640 -
hp envy_6055_5se16a -
hp hp_officejet_4655_f1j00a -
hp envy_5540_f2e72a -
hp envy_4507_e6g70b -
hp envy_photo_6222_y0k13d -
ruckussecurity zonedirector_1200 -
hp envy_5000_z4a74a -
hp envy_photo_7155_z3m52a -
hp envy_pro_6420_5se46a -
hp envy_5540_g0v47a -
hp envy_6052_5se18a -
hp hp_deskjet_ink_advantage_4676_f1h98a -
hp 5034_z4a74a -
hp envy_photo_7822_y0g43d -
hp 5030_m2u92b -
hp envy_4502_a9t87b -
hp envy_120_cz022c -
hp envy_7645_e4w44a -
hp deskjet_ink_advantage_3456_a9t84c -
hp envy_4528_k9t08b -
hp envy_5000_m2u94b -
hp envy_5640_b9s58a -
epson xp-8500 -
hp hp_deskjet_ink_advantage_4538_f0v66b -
hp hp_deskjet_ink_advantage_4675_f1h97b -
hp deskjet_ink_advantage_3545_a9t83b -
hp envy_100_cn518a -
dell b1165nfw -
zte zxv10_w300 -
hp officejet_4654_f1j07b -
tp-link archer_c50 -
hp 5020_z4a69a -
hp envy_4503_e6g71b -
hp hp_envy_4528_k9t08b -
hp officejet_4658_v6d30b -
hp envy_4513_k9h51a -
hp envy_4500_d3p93a -
hp envy_photo_7822_y0g42d -
hp envy_100_cn517a -
hp officejet_4655_f1j00a -
hp hp_officejet_4654_f1j07b -
w1.fi hostapd *
hp 5660_f8b04a -
hp envy_5530 -
hp envy_5664_f8b08a -
cisco wap150 -
hp envy_110_cq809a -
hp envy_photo_7800_k7s00a -
hp envy_4526_k9t05b -
hp envy_5540_k7c85a -
hp envy_photo_7800_y0g42d -
hp envy_110_cq812c -
hp hp_deskjet_ink_advantage_4678_f1h99b -
hp envy_photo_6200_y0k15a -
hp deskjet_ink_advantage_3545_a9t81a -
hp envy_114_cq811a -
hp deskjet_ink_advantage_4675_f1h97b -
hp hp_deskjet_ink_advantage_4535_f0v64c -
hp envy_5540_g0v51a -
hp envy_pro_6420_5se45b -
hp hp_officejet_4657_v6d29b -
netgear wnhde111 -
epson xp-100 -
microsoft windows_10 -
hp envy_120_cz022a -
hp envy_photo_7100_z3m52a -
hp envy_4520_e6g67a -
hp envy_4500_a9t80b -
hp envy_100_cn519a -
hp envy_5542_k7c88a -
hp envy_5532 -
hp envy_5534 -
hp envy_5000_m2u91a -
hp envy_4522_f0v67a -
zyxel vmg8324-b10a -
hp envy_5543_n9u88a -
hp envy_photo_6220_k7g20d -
hp hp_envy_4522_f0v67a -
hp envy_5539 -
ui unifi_controller -
epson xp-241 -
hp envy_5646_f8b05a -
hp envy_photo_7100_k7g99a -
hp hp_envy_4513_k9h51a -
hp deskjet_ink_advantage_4515 -
hp envy_5540_g0v53a -
hp envy_4524_f0v71b -
hp envy_4504_a9t88b -
huawei hg532e -
hp envy_photo_7800_y0g52b -
hp 5030_z4a70a -
hp envy_4505_a9t86a -
hp envy_6540_b9s59a -
hp envy_photo_6200_y0k13d_ -
hp envy_photo_6230_k7g25b -
hp hp_officejet_4656_k9v81b -
hp envy_pro_6420_6wd16a -
hp deskjet_ink_advantage_5575_g0v48b -
fedoraproject fedora 32
hp deskjet_ink_advantage_4678_f1h99b -
hp envy_photo_7830_y0g50b -
hp officejet_4652_f1j02a -
epson xp-330 -
hp deskjet_ink_advantage_3546_a9t82a -
hp envy_4520_f0v63b -
hp envy_photo_6200_k7s21b -
hp envy_5544_k7c89a -
zyxel amg1202-t10b -
hp envy_4501_c8d05a -
epson m571t -
hp envy_4509_d3p94a -
hp hp_deskjet_ink_advantage_4535_f0v64a -
hp hp_deskjet_ink_advantage_4675_f1h97c -
hp deskjet_ink_advantage_4536_f0v65a -
nec wr8165n -
hp envy_5535 -
huawei hg255s -
hp hp_envy_4516_k9h52a -
broadcom adsl -
hp deskjet_ink_advantage_4535_f0v64c -
hp hp_officejet_4652_f1j02a -
epson xp-320 -
hp hp_officejet_4655_k9v82b -
hp envy_photo_7100_3xd89a -
hp envy_6020_7cz37a -
hp hp_envy_4520_e6g67a -
hp envy_photo_7800_k7r96a -
microsoft xbox_one 10.0.19041.2494
hp envy_pro_6420_6wd14a -
hp officejet_4657_v6d29b -
hp envy_pro_6455_5se45a -
dlink dvg-n5412sp -
hp envy_5644_b9s65a -
hp envy_100_cn519b -
hp hp_officejet_4650_e6g87a -
hp envy_6020_6wd35a -
hp envy_110_cq809b -
epson xp-4100 -
epson xp-620 -
hp envy_114_cq811b -
hp deskjet_ink_advantage_4538_f0v66b -
hp hp_envy_4524_f0v72b -
hp envy_5643_b9s63a -
hp hp_envy_4524_f0v71b -
hp hp_officejet_4655_k9v79a -
hp envy_photo_6200_k7g18a -
hp deskjet_ink_advantage_4535_f0v64b -
hp envy_110_cq809d -
hp hp_envy_4526_k9t05b -
hp envy_photo_7800_k7s10d -
hp deskjet_ink_advantage_3545_a9t81c -
epson ep-101 -
canonical ubuntu_linux 20.04
hp envy_5541_k7g89a -
hp hp_officejet_4650_f1h96b -
hp hp_envy_4521_k9t10b -
hp envy_4512_k9h49a -
hp envy_4521_k9t10b -
hp hp_envy_4527_j6u61b -
hp hp_envy_4525_k9t09b -
hp envy_5544_k7c93a -
hp officejet_4655_k9v79a -
hp envy_4500_a9t89a -
hp envy_4520_f0v69a -
hp deskjet_ink_advantage_5575_g0v48c -
hp envy_4509_d3p94b -
hp envy_4524_f0v72b -
canon selphy_cp1200 -
hp envy_5665_f8b06a -
hp envy_111_cq810a -
hp envy_5020_m2u91b -
epson ew-m970a3t -
hp envy_4525_k9t09b -
hp hp_envy_4523_j6u60b -
hp envy_photo_7100_k7g93a -
hp envy_5548_k7g87a -
hp envy_photo_6222_y0k14d -
hp hp_deskjet_ink_advantage_4536_f0v65a -
hp envy_photo_6234_k7s21b -
hp deskjet_ink_advantage_3548_a9t81b -
hp hp_officejet_4652_f1j05b -
hp hp_officejet_4658_v6d30b -
hp envy_6020_5se17a -
hp envy_4511_k9h50a -
epson xp-2105 -
hp hp_envy_4520_f0v63a -
hp envy_110_cq809c -
epson xp-970 -
hp envy_4502_a9t85a -
hp envy_120_cz022b -
hp deskjet_ink_advantage_4535_f0v64a -
debian debian_linux 10.0
hp envy_4524_k9t01a -
hp hp_officejet_4652_k9v84b -
hp officejet_4655_k9v82b -
hp envy_5546_k7c90a -
hp envy_4500_a9t80a -
hp envy_photo_7100_z3m37a -
hp officejet_4650_f1h96a -
cisco wap351 -
hp officejet_4652_k9v84b -
hp hp_envy_4512_k9h49a -
hp envy_pro_6452_5se47a -
hp hp_deskjet_ink_advantage_4535_f0v64b -
hp envy_photo_6232_k7g26b -
epson xp-960 -
fedoraproject fedora 31
hp envy_5000_m2u85b -
hp envy_4527_j6u61b -
hp envy_5536 -
hp hp_officejet_4650_f1h96a -
asus rt-n11 -
hp deskjet_ink_advantage_4518 -
cisco wap131 -
hp officejet_4652_f1j05b -
hp deskjet_ink_advantage_4675_f1h97c -
hp deskjet_ink_advantage_4675_f1h97a -
hp envy_5547_j6u64a -
epson xp-702 -
hp envy_4523_j6u60b -
hp envy_5545_g0v50a -
epson xp-440 -
epson xp-340 -
hp officejet_4656_k9v81b -
hp hp_envy_4511_k9h50a -
hp envy_5531 -
epson xp-630 -
hp envy_4516_k9h52a -
debian debian_linux 9.0
hp deskjet_ink_advantage_4676_f1h98a -
hp officejet_4650_f1h96b -
hp envy_4504_c8d04a -
hp envy_photo_6220_k7g21b -
hp envy_4508_e6g72b -
hp envy_photo_6200_k7g26b -
hp envy_photo_6252_k7g22a -
hp envy_114_cq812a -
hp envy_5000_m2u85a -
hp hp_envy_4520_e6g67b -
hp envy_7644_e4w46a -
epson xp-4105 -
hp envy_5640_b9s56a -
hp officejet_4654_f1j06b -
hp officejet_4650_e6g87a -
hp envy_100_cn517c -
hp hp_officejet_4654_f1j06b -
hp envy_photo_7120_z3m41d -
hp hp_envy_4520_f0v63b -
hp envy_5000_m2u91a *
hp envy_5540_g0v52a -
hp envy_4520_e6g67b -
hp envy_5642_b9s64a -
CVE-2020-6862 MEDIUM

V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-669,

Products Affected

Vendor Product Version
zte f6x2w_firmware 6.0.10p2t2
zte f6x2w_firmware 6.0.10p2t5
CVE-2020-6863 LOW

ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte e8820v3_firmware *
CVE-2020-6864 LOW

ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte e8820v3_firmware *
CVE-2020-6865 MEDIUM

ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
zte oscp 16.19.20
zte oscp 16.19.10
CVE-2020-6866 MEDIUM

A ZTE product is impacted by a resource management error vulnerability. An attacker could exploit this vulnerability to cause a denial of service by issuing a specific command. This affects: ZXCTN 6500 version V2.10.00R3B87.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte zxctn_6500_firmware 2.10.00r3b87
CVE-2020-6867 LOW

ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
zte zenic_one_r22b 16.19.10p02sp002
zte zenic_one_r22b 6.19.10p02sp005
CVE-2020-6868 LOW

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
zte f680_firmware zxhn_f680v9.0.10p1n6
CVE-2020-6869 MEDIUM

All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte ztemarket_apk *
CVE-2020-6870 MEDIUM

The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zte netnumen_u31_r10_firmware v12.17.20t115
CVE-2020-6871 HIGH

The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
zte r5500g4_firmware 03.07.0200
zte r8500g4_firmware 03.05.0400
zte r5300g4_firmware 03.07.0100
zte r5300g4_firmware 03.04.0020
zte r5500g4_firmware 03.08.0100
zte r5300g4_firmware 03.05.0040
zte r5300g4_firmware 03.05.0044
zte r5300g4_firmware 03.08.0100
zte r8500g4_firmware 03.07.0103
zte r5500g4_firmware 03.06.0100
zte r5300g4_firmware 03.05.0045
zte r5300g4_firmware 03.05.0047
zte r5300g4_firmware 03.07.0200
zte r8500g4_firmware 03.05.0020
zte r5500g4_firmware 03.07.0100
zte r8500g4_firmware 03.06.0100
zte r5300g4_firmware 03.05.0046
zte r8500g4_firmware 03.07.0101
zte r5300g4_firmware 03.05.0043
zte r5300g4_firmware 03.07.0108
zte r5300g4_firmware 03.07.0300
CVE-2020-6872 MEDIUM

The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte r5500g4_firmware 03.07.0200
zte r8500g4_firmware 03.05.0400
zte r5300g4_firmware 03.07.0100
zte r5300g4_firmware 03.04.0020
zte r5500g4_firmware 03.08.0100
zte r5300g4_firmware 03.05.0040
zte r5300g4_firmware 03.05.0044
zte r5300g4_firmware 03.08.0100
zte r8500g4_firmware 03.07.0103
zte r5500g4_firmware 03.06.0100
zte r5300g4_firmware 03.05.0045
zte r5300g4_firmware 03.05.0047
zte r5300g4_firmware 03.07.0200
zte r8500g4_firmware 03.05.0020
zte r5500g4_firmware 03.07.0100
zte r8500g4_firmware 03.06.0100
zte r5300g4_firmware 03.05.0046
zte r8500g4_firmware 03.07.0101
zte r5300g4_firmware 03.05.0043
zte r5300g4_firmware 03.07.0108
zte r5300g4_firmware 03.07.0300
CVE-2020-6873 MEDIUM

A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cause the equipment WEB/TELNET module denial of service and make the equipment be out of management. This affects: ZXR10 2800-4_ALMPUFB(LOW), all versions up to V3.00.40.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte zxr10_2800-4_almpufb(low)_firmware *
CVE-2020-6874 MEDIUM

A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,CWE-522,

Products Affected

Vendor Product Version
zte zxiptv_firmware zxiptv-web-pv5.09.08.04
CVE-2020-6875 MEDIUM

A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE>

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
zte zxone_19700_snpe_firmware zxone8700v1.40r2b13_snpe
CVE-2020-6876 LOW

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte evdc zxcloud-irosv6.03.04
CVE-2020-6877 MEDIUM

A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte zxa10_eodn_firmware 2.3p2t1
CVE-2020-6879 LOW

Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.1 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
zte zxhn_f670l_firmware v1.1.10p1n2e
zte zxhn_z500_firmware v1.0.0.2b1.1000
CVE-2020-6880 HIGH

A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
zte zxv10_w908_firmware *
CVE-2020-6881 MEDIUM

ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, which will cause the device to deny service. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,

Products Affected

Vendor Product Version
zte zxhn_e8820_firmware 2.0.13
zte zxhn_e8822_firmware 2.0.13
zte zxhn_e8810_firmware 2.0.1
zte zxhn_e8810_firmware 1.0.26
zte zxhn_e8820_firmware 1.1.3
CVE-2020-6882 MEDIUM

ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
zte zxhn_e8820_firmware 2.0.13
zte zxhn_e8822_firmware 2.0.13
zte zxhn_e8810_firmware 2.0.1
zte zxhn_e8810_firmware 1.0.26
zte zxhn_e8820_firmware 1.1.3
CVE-2021-21722 LOW

A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
zte zxv10_b860a_firmware v2.1-t_v0032.1.1.04_jiangsutelecom
CVE-2021-21723 MEDIUM

Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
zte zxr10_9904_firmware *
zte zxr10_9916_firmware *
zte zxr10_9908_firmware *
zte zxr10_9908-s_firmware *
zte zxr10_9904-s_firmware *
CVE-2021-21724 LOW

A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,

Products Affected

Vendor Product Version
zte zxr10_8900e_firmware *
CVE-2021-21725 LOW

A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.1 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-863,

Products Affected

Vendor Product Version
zte zxhn_h196q_firmware 9.1.0c2
CVE-2021-21726 LOW

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 0.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
zte zxone_8700_firmware 1.40.021.021cp049
zte zxone_19700_firmware 1.0p02b219_@ncpm-release_2.40r1-20200914.set
zte zxone_9700_firmware 1.40.021.021cp049
CVE-2021-21727 HIGH

A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects:<ZXHN F623><All versions up to V6.0.0P3T33>

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte zxhn_f623_firmware *
CVE-2021-21728 MEDIUM

A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
zte zxa10_c300m_firmware *
CVE-2021-21729 MEDIUM

Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,CWE-352,

Products Affected

Vendor Product Version
zte zxhn_h168n_firmware 3.5.0_eg1t5_te
zte zxhn_h108n_firmware 2.5.5_btmt1
CVE-2021-21730 MEDIUM

A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zte zxhn_h168n_firmware 3.5.0_ty.t6
CVE-2021-21731 MEDIUM

A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
zte zxcloud_irai_firmware *
zte zxcloud_irai *
CVE-2021-21732 MEDIUM

A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authorization. Attackers could exploit this vulnerability to obtain sensitive information. This affects Axon 11 5G ZTE/CN_P725A12/P725A12:10/QKQ1.200816.002/20201116.175317:user/release-keys.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zte axon_11_5g_firmware *
CVE-2021-21733 MEDIUM

The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
zte zxcdn *
CVE-2021-21734 MEDIUM

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,

Products Affected

Vendor Product Version
zte zxa10_f821_firmware 1.7.0p3t22
zte zxa10_f822_firmware 1.4.3t6
zte zxa10_f809_firmware 3.2.1t1
zte zxa10_f832v2_firmware 2.00.00.01
zte zxa10_f819_firmware 1.2.1t5
zte zxa10_f832_firmware 1.1.1t7
zte zxa10_f839_firmware 1.1.0t8
zte zxa10_f822p_firmware 1.1.1t7
CVE-2021-21735 MEDIUM

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-281,

Products Affected

Vendor Product Version
zte zxhn_h168n_firmware *
CVE-2021-21736 HIGH

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
zte zxhn_hs562_firmware 1.0.0.0b2.0000
zte zxhn_hs562_firmware 1.0.0.0b3.0000
CVE-2021-21737 MEDIUM

A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
zte zxv10_b860h_v5.0_firmware v83011303.0010
zte zxv10_b860h_v5.0_firmware v83011303.0016
CVE-2021-21738 MEDIUM

ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09>

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte zxiptv_firmware zxiptv-eas_pv5.06.04.09
CVE-2021-21739 LOW

A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and detection, thus affecting signal transmission. This affects: <ZXCTN 6120H><V5.10.00B24>

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-345,

Products Affected

Vendor Product Version
zte zxctn_6120h_firmware 5.10.00b24
CVE-2021-21740 LOW

There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.4 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 0.9 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
zte zxhn_h2640_firmware 10.0.0c6_ty
CVE-2021-21741 HIGH

There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
zte zxv10_m910_firmware 1.2.19.01u01.01
zte zxv10_m910_firmware 1.2.20.01u01.01
zte zxv10_m910_firmware 1.2.21.01.04
zte zxv10_m910_firmware 1.2.16.01u01.01
CVE-2021-21742 MEDIUM

There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zte axon_30_pro_message_service 5.3.1.2103091059
CVE-2021-21743 MEDIUM

ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
zte mf971r_firmware 1v1.0.0b06
zte mf971r_firmware v1.0.0b05
zte mf971r_firmware sv1.0.0b05
zte mf971r_firmware 2v1.0.0b03
zte mf971r_firmware s2v1.0.0b03
CVE-2021-21744 MEDIUM

ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte mf971r_firmware 1v1.0.0b06
zte mf971r_firmware v1.0.0b05
zte mf971r_firmware sv1.0.0b05
zte mf971r_firmware 2v1.0.0b03
zte mf971r_firmware s2v1.0.0b03
CVE-2021-21745 MEDIUM

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
zte mf971r_firmware 1v1.0.0b06
zte mf971r_firmware v1.0.0b05
zte mf971r_firmware sv1.0.0b05
zte mf971r_firmware 2v1.0.0b03
zte mf971r_firmware s2v1.0.0b03
CVE-2021-21746 MEDIUM

ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte mf971r_firmware 1v1.0.0b06
zte mf971r_firmware v1.0.0b05
zte mf971r_firmware sv1.0.0b05
zte mf971r_firmware 2v1.0.0b03
zte mf971r_firmware s2v1.0.0b03
CVE-2021-21747 MEDIUM

ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte mf971r_firmware 1v1.0.0b06
zte mf971r_firmware v1.0.0b05
zte mf971r_firmware sv1.0.0b05
zte mf971r_firmware 2v1.0.0b03
zte mf971r_firmware s2v1.0.0b03
CVE-2021-21748 HIGH

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
zte mf971r_firmware 1v1.0.0b06
zte mf971r_firmware v1.0.0b05
zte mf971r_firmware sv1.0.0b05
zte mf971r_firmware 2v1.0.0b03
zte mf971r_firmware s2v1.0.0b03
CVE-2021-21749 HIGH

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
zte mf971r_firmware 1v1.0.0b06
zte mf971r_firmware v1.0.0b05
zte mf971r_firmware sv1.0.0b05
zte mf971r_firmware 2v1.0.0b03
zte mf971r_firmware s2v1.0.0b03
CVE-2021-21750 MEDIUM

ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
zte zxin10_cms *
CVE-2021-21751 MEDIUM

ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zte zxin10_cms *
CVE-2022-23135 MEDIUM

There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H 1.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
zte zxhn_f677_firmware *
zte zxhn_f477_firmware *
CVE-2022-23136 LOW

There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte zxhn_f680_firmware 6.0.10p3n20
CVE-2022-23137 MEDIUM

ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zte zxcdn_firmware *
CVE-2022-23138 MEDIUM

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
zte mf297d_firmware mf297d_nordic1_b05
CVE-2022-23139 MEDIUM

ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
zte zxmp_m721_firmware 5.10.030.006
CVE-2022-23141

ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
zte zxmp_m721_firmware commond21bootv100004_ls1045
CVE-2022-23142

ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
zte zxen_cg200_firmware *
CVE-2022-23143

ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.

Products Affected

Vendor Product Version
zte otcp_firmware *
CVE-2022-23144

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
zte zxa10_b700v7_firmware *
zte zxa10_s200a_firmware *
zte zxa10_b766v2_firmware *
zte zxa10_b960gv1_firmware *
zte zxa10_s200t_firmware *
zte zxa10_b710s2-a19_firmware *
zte zxa10_b866v2-h_firmware *
zte zxa10_b836ct-a15_firmware *
zte zxa10_b710c-a12_firmware *
zte zxa10_b866v5-w10_firmware *
zte zxa10_b800v2_firmware *
zte zxa10_b76hv3_firmware *
zte zxa10_b860h_firmware *
zte zxa10_b860av2.1_firmware *
zte zxa10_s100v_firmware *
CVE-2022-39066

There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.

Products Affected

Vendor Product Version
zte mf286r_firmware *
CVE-2022-39067

There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.

Products Affected

Vendor Product Version
zte mf286r_firmware *
CVE-2022-39069

There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
zte zaip-aie *
CVE-2022-39070

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.

Products Affected

Vendor Product Version
zte zxa10_c350m_firmware *
zte zxa10_c300m_firmware *
CVE-2022-39071

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.

Products Affected

Vendor Product Version
zte blade_v20_smart_firmware *
zte blade_a7s_firmware *
zte blade_l210_firmware *
zte blade_v30_firmware *
zte blade_v30_vita_firmware *
zte blade_a31_plus_firmware *
zte axon_40_ultra_firmware *
zte blade_a52_firmware *
zte blade_a72_firmware *
zte blade_a5_2019_firmware *
zte blade_a51_firmware *
zte blade_a71_firmware *
zte blade_v40_vita_firmware *
zte blade_a3_lite_firmware *
zte blade_a5_2020_firmware *
zte blade_a31_firmware *
zte v40_pro_firmware *
CVE-2022-39072

There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.

Products Affected

Vendor Product Version
zte mf286r_firmware nordic_mf286r_b06
zte mf289d_firmware cr_tmoczmf289dv1.0.0b07
CVE-2022-39073

There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.

Products Affected

Vendor Product Version
zte mf286r_firmware nordic_mf286r_b06
CVE-2022-39074

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.

Products Affected

Vendor Product Version
zte blade_v20_smart_firmware *
zte blade_a7s_firmware *
zte blade_l210_firmware *
zte blade_v30_firmware *
zte blade_v30_vita_firmware *
zte blade_a31_plus_firmware *
zte axon_40_ultra_firmware *
zte blade_a52_firmware *
zte blade_a72_firmware *
zte blade_a5_2019_firmware *
zte blade_a51_firmware *
zte blade_a71_firmware *
zte blade_v40_vita_firmware *
zte blade_a3_lite_firmware *
zte blade_a5_2020_firmware *
zte blade_a31_firmware *
zte v40_pro_firmware *
CVE-2022-39075

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission.

Products Affected

Vendor Product Version
zte blade_v20_smart_firmware *
zte blade_a7s_firmware *
zte blade_l210_firmware *
zte blade_v30_firmware *
zte blade_v30_vita_firmware *
zte blade_a31_plus_firmware *
zte axon_40_ultra_firmware *
zte blade_a52_firmware *
zte blade_a72_firmware *
zte blade_a5_2019_firmware *
zte blade_a51_firmware *
zte blade_a71_firmware *
zte blade_v40_vita_firmware *
zte blade_a3_lite_firmware *
zte blade_a5_2020_firmware *
zte blade_a31_firmware *
zte v40_pro_firmware *
CVE-2022-45957

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.

Products Affected

Vendor Product Version
zte zxhn-h108ns_firmware h108nsv1.0.7u_zrd_gr2_a68
CVE-2023-25642

There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
psirt@zte.com.cn 5.9 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
zte mc801a_firmware mc801a_elisa3_b19
zte mc801a1_firmware mc801a1_elisa1_b04
CVE-2023-25643

There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
zte mc801a_firmware mc801a_elisa3_b19
zte mc801a1_firmware mc801a1_elisa1_b04
CVE-2023-25644

There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
zte mc801a_firmware mc801a_elisa3_b19
zte mc801a1_firmware mc801a1_elisa1_b04
CVE-2023-25645

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.

Products Affected

Vendor Product Version
zte up_t2_4k_firmware v84511302.1427
zte zxv10_b866v2-h_firmware v84711321.0040
zte zxv10_b860h_v5d0_firmware v83011303.0069
zte zxv10_b866v2_firmware v82815416.1027
zte zxv10_b866v2f_firmware v86111338.0026
zte zxv10_b866v2f_firmware v86111338.0033
zte zxv10_b866v2f_firmware v86111338.0035
zte zxv10_b866v2-h_firmware v84711321.0045
zte zxv10_b860h_v5d0_firmware v83011303.0049
zte zxv10_b866v2_firmware v84711309.0018
zte zxv10_b866v2f_firmware v86111338.0031
zte zxv10_b866v2_firmware v84711309.0019
zte zxv10_b866v2_firmware v82815416.1029
zte zxv10_b866v2_firmware v82811306.3021
zte zxv10_b866v2-h_firmware v84711321.0049
zte zxv10_b860h_v5d0_firmware v83011303.0053
zte zxv10_b866v2_firmware v84711309.0016
zte zxv10_b866v2-h_firmware v84711321.0038
zte zxv10_b866v2_firmware v82815416.2012
zte zxv10_b860h_v5d0_firmware v83011303.0051
zte zxv10_b860h_v5d0_firmware v83011303.0063
zte zxv10_b866v2_firmware v82815416.1028
CVE-2023-25646

There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 7.1 HIGH CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 0.5 6.0

Products Affected

Vendor Product Version
zte zxhn_h388x_firmware 10.1_agzhm_1.3.1
CVE-2023-25647

There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 1.0 3.6
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
zte axon_40_pro_firmware *
zte axon_30_firmware *
zte axon_40_ultra_firmware *
zte nubia_z50_firmware *
CVE-2023-25648

There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 6.5 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L 1.0 5.5
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
zte zxcloud_irai_firmware *
zte zxcloud_irai *
CVE-2023-25649

There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
zte mf286r_firmware cr_lvwrgbmf286rv1.0.0b04
CVE-2023-25650

There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
zte zxcloud_irai_firmware *
zte zxcloud_irai *
CVE-2023-25651

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
psirt@zte.com.cn 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 0.9 3.4

Products Affected

Vendor Product Version
zte mf286r_firmware cr_lvwrgbmf286rv1.0.0b04
zte mf833u1_firmware bd_mf833u1v1.0.0b01
CVE-2023-41776

There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@zte.com.cn 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
zte zxcloud_irai_firmware *
zte zxcloud_irai *
CVE-2023-41779

There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@zte.com.cn 4.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
zte zxcloud_irai_firmware *
zte zxcloud_irai *
CVE-2023-41780

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the  program  failed to adequately validate the user's input, an attacker could exploit this vulnerability  to escalate local privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
zte zxcloud_irai_firmware *
zte zxcloud_irai *
CVE-2023-41781

There is a Cross-site scripting (XSS)  vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L 0.9 4.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
zte mf258_firmware zte_std_v1.0.0b08
zte mf258_firmware zte_std_v1.0.0b10
CVE-2023-41782

There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 1.3 3.4
psirt@zte.com.cn 3.9 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L 1.3 2.5

Products Affected

Vendor Product Version
zte zxcloud_irai_firmware *
zte zxcloud_irai *
CVE-2023-41783

There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the  program  failed to adequately validate the user's input, an attacker could exploit this vulnerability  to escalate local privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 4.3 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 0.9 3.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
zte zxcloud_irai_firmware *
zte zxcloud_irai *
CVE-2023-41784

Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 6.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L 0.8 5.3
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
zte red_magic_8_pro_firmware gen_cn_nx729jv1.0.0b21mr
zte redmagic_8_pro_firmware gen_cn_nx729jv1.0.0b21mr
CVE-2024-10119

The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
zte wrtm326_firmware *
CVE-2024-22062

There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 6.3 MEDIUM CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L 0.5 5.3

Products Affected

Vendor Product Version
zte zxcloud_irai *
CVE-2024-22063

The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0
psirt@zte.com.cn 7.6 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 1.0 6.0

Products Affected

Vendor Product Version
zte zenic_one_r58 *
CVE-2024-22064

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

Products Affected

Vendor Product Version
zte zxun-epdg *
CVE-2024-22065

There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
zte mf258k_pro_firmware 1.0.0b03
CVE-2024-22066

There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
zte zxr10_1800-2s_firmware *
zte zxr10_2800-4_firmware *
zte zxr10_3800-8_firmware *
zte zxr10_160_firmware *
CVE-2024-22067

ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
zte nh8091_firmware znh8091v1.8
CVE-2024-22068

Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 6.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H 0.5 5.5

Products Affected

Vendor Product Version
zte zxr10_1800-2s_firmware *
zte zxr10_2800-4_firmware *
zte zxr10_3800-8_firmware *
zte zxr10_160_firmware *
CVE-2025-46574

There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 4.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L 0.7 3.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
zte zxcloud_goldendb 7.2.01.01
zte zxcloud_goldendb *
CVE-2025-46575

There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
zte zxcloud_goldendb 6.1.03.09
zte zxcloud_goldendb 7.2.01.01
zte zxcloud_goldendb 6.1.03.10
CVE-2025-46576

There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5
psirt@zte.com.cn 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
zte zxcloud_goldendb 6.1.03.09
zte zxcloud_goldendb 7.2.01.01
zte zxcloud_goldendb 6.1.03.10
CVE-2025-46577

There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
zte zxcloud_goldendb 7.2.01.01
zte zxcloud_goldendb *
CVE-2025-46578

There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
psirt@zte.com.cn 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
zte zxcloud_goldendb 7.2.01.01
zte zxcloud_goldendb *
CVE-2025-46579

There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@zte.com.cn 8.4 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.7 6.0

Products Affected

Vendor Product Version
zte zxcloud_goldendb 7.2.01.01
zte zxcloud_goldendb *
CVE-2025-46580

There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 3.1 4.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
zte zxcloud_goldendb *
CVE-2025-66315

There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@zte.com.cn 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
zte mf258k_pro_firmware zte_mf258kpro_play_v1.0.0b03
zte mf258k_pro_firmware zte_mf258pro_std_v1.0.0b04