The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | score_m | - |
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_w300 | 2.1.0 |
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | f460 | - |
| zte | f660 | - |
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_w300 | - |
| zte | zxv10_w300_firmware | 1.0.0a_zrd_lk |
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_w300_firmware | w300v1.0.0a_zrd_lk |
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_w300 | - |
| zte | zxv10_w300_firmware | 1.0.0a_zrd_lk |
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_w300 | - |
| zte | zxv10_w300_firmware | 1.0.0a_zrd_lk |
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h108l_firmware | 4.0.0d_zrq_gr4 |
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxdsl | 831cii |
Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxdsl_831 | - |
| zte | zxdsl_831cii | - |
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxdsl | 831cii |
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxdsl | 831cii |
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h108n_r1a_firmware | * |
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h108n_r1a_firmware | * |
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h108n_r1a_firmware | * |
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h108n_r1a_firmware | * |
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h108n_r1a_firmware | * |
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h108n_firmware | - |
| zte | hg110_firmware | - |
| zte | mf28g_firmware | - |
| zte | ox-330p_firmware | - |
| zte | w300v1.0.0s_zrd_tr1_d68_firmware | - |
| zte | gan9.8t101a-b_firmware | - |
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
CVSS 2.0
Severity: HIGH
Problem Type: CWE-640,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_w300_firmware | w300v2.1.0f_er7_pe_o57 |
| zte | zxv10_w300_firmware | w300v2.1.0h_er7_pe_o57 |
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_w300_firmware | w300v2.1.0f_er7_pe_o57 |
| zte | zxv10_w300_firmware | w300v2.1.0h_er7_pe_o57 |
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_w300_firmware | w300v2.1.0f_er7_pe_o57 |
| zte | zxv10_w300_firmware | w300v2.1.0h_er7_pe_o57 |
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h108n_r1a_firmware | * |
| zte | zxv10_w300_firmware | * |
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-552,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxr10_1800-2s_firmware | * |
| zte | zxr10_2800-4_firmware | * |
| zte | zxr10_3800-8_firmware | * |
| zte | zxr10_160_firmware | * |
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxr10_1800-2s_firmware | * |
| zte | zxr10_2800-4_firmware | * |
| zte | zxr10_3800-8_firmware | * |
| zte | zxr10_160_firmware | * |
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | nr8000tr_firmware | - |
| zte | nr8150_firmware | - |
| zte | nr8120a_firmware | - |
| zte | nr8250_firmware | * |
| zte | nr8000tr_firmware | * |
| zte | nr8950_firmware | * |
| zte | nr8120a_firmware | * |
| zte | nr8150_firmware | * |
| zte | nr8120_firmware | * |
| zte | nr8250_firmware | - |
| zte | nr8950_firmware | - |
| zte | nr8120_firmware | - |
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxdt22_sf01_firmware | * |
All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxiptv-epg_firmware | * |
All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxr10_1800-2s_firmware | * |
SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcdn-sns_firmware | * |
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxiptv-ucm_firmware | * |
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxdsl_831cii_firmware | - |
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-306,CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zyxel | max308m_fimware | - |
| huawei | bm2022_firmware | - |
| huawei | hes-319m_firmware | - |
| huawei | hes-309m_firmware | - |
| mada | soho_wireless_router_firmware | - |
| zyxel | max218m1w_firmware | - |
| zyxel | max318m_firmware | - |
| huawei | hes-319m2w_firmware | - |
| zyxel | max218mw_firmware | - |
| zte | ox-330p_firmware | - |
| zyxel | max218m_firmware | - |
| zyxel | max338m_firmware | - |
| huawei | hes-339m_firmware | - |
| greenpacket | ox350_firmware | - |
All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf65_firmware | * |
| zte | mf65m1_firmware | * |
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-294,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxr10_8905e_firmware | * |
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.
CVSS 2.0
Severity: LOW
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h168n_firmware | 2.2.0_pk1.2t5 |
| zte | zxhn_h168n_firmware | 2.2.0_pk11t7 |
| zte | zxhn_h168n_firmware | 2.2.0_pk1.2t2 |
| zte | zxhn_h168n_firmware | 2.2.0_pk11t |
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h168n_firmware | 2.2.0_pk1.2t5 |
| zte | zxhn_h168n_firmware | 2.2.0_pk11t7 |
| zte | zxhn_h168n_firmware | 2.2.0_pk1.2t2 |
| zte | zxhn_h168n_firmware | 2.2.0_pk11t |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_f670_firmware | * |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_f670_firmware | * |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service.
CVSS 2.0
Severity: LOW
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_f670_firmware | * |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_f670_firmware | * |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.
CVSS 2.0
Severity: LOW
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_f670_firmware | * |
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxin10 | * |
All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_irai | * |
| zte | usmartview | - |
ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_b860av2.1_chinamobile_firmware | * |
All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Due to inadequate parameter verification, unauthorized users can take advantage of this vulnerability to control the user terminal system.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | wf820+_lte_outdoor_cpe_firmware | * |
All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted users. An attacker can exploit this vulnerability to send unexpected requests to the server through the affected client.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | wf820+_lte_outdoor_cpe_firmware | * |
All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf920_firmware | * |
All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf920_firmware | * |
All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | netnumen_dap_firmware | * |
All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front end does not process the returned result from the interface properly, the malicious script may be executed and the user cookie or other important information may be stolen.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | otcp_firmware | * |
ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal,users can download any files.
CVSS 2.0
Severity: LOW
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxmw_nr8000_firmware | 2.4.4.03 |
| zte | zxmw_nr8000_firmware | 2.4.4.04 |
All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_b860a_firmware | * |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_f670_firmware | * |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_f670_firmware | * |
A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.7 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.1 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxmp_m721_dx_firmware | zxmp_m721v3.10p01b10_m2ncp |
All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h108n_firmware | * |
The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.5 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf910s_firmware | - |
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxupn-9000e_firmware | * |
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxupn-9000e_firmware | * |
The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users’ information leakage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcdn_iamweb_firmware | 6.01.03.01 |
The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcdn_iamweb_firmware | 6.01.03.01 |
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_goldendata_vap | * |
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_goldendata_vap | * |
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-311,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_goldendata_vap | * |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H | 2.2 | 4.7 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| epson | xp-2101 | - |
| hp | hp_envy_4520_f0v69a | - |
| epson | xp-8600 | - |
| hp | hp_envy_4524_k9t01a | - |
| hp | envy_5000_z4a54a | - |
| hp | envy_6020_5se16b | - |
| hp | hp_deskjet_ink_advantage_4675_f1h97a | - |
| hp | envy_100_cn517b | - |
| hp | envy_4520_f0v63a | - |
| hp | envy_photo_7164_k7g99a | - |
| hp | envy_7640 | - |
| hp | envy_6055_5se16a | - |
| hp | hp_officejet_4655_f1j00a | - |
| hp | envy_5540_f2e72a | - |
| hp | envy_4507_e6g70b | - |
| hp | envy_photo_6222_y0k13d | - |
| ruckussecurity | zonedirector_1200 | - |
| hp | envy_5000_z4a74a | - |
| hp | envy_photo_7155_z3m52a | - |
| hp | envy_pro_6420_5se46a | - |
| hp | envy_5540_g0v47a | - |
| hp | envy_6052_5se18a | - |
| hp | hp_deskjet_ink_advantage_4676_f1h98a | - |
| hp | 5034_z4a74a | - |
| hp | envy_photo_7822_y0g43d | - |
| hp | 5030_m2u92b | - |
| hp | envy_4502_a9t87b | - |
| hp | envy_120_cz022c | - |
| hp | envy_7645_e4w44a | - |
| hp | deskjet_ink_advantage_3456_a9t84c | - |
| hp | envy_4528_k9t08b | - |
| hp | envy_5000_m2u94b | - |
| hp | envy_5640_b9s58a | - |
| epson | xp-8500 | - |
| hp | hp_deskjet_ink_advantage_4538_f0v66b | - |
| hp | hp_deskjet_ink_advantage_4675_f1h97b | - |
| hp | deskjet_ink_advantage_3545_a9t83b | - |
| hp | envy_100_cn518a | - |
| dell | b1165nfw | - |
| zte | zxv10_w300 | - |
| hp | officejet_4654_f1j07b | - |
| tp-link | archer_c50 | - |
| hp | 5020_z4a69a | - |
| hp | envy_4503_e6g71b | - |
| hp | hp_envy_4528_k9t08b | - |
| hp | officejet_4658_v6d30b | - |
| hp | envy_4513_k9h51a | - |
| hp | envy_4500_d3p93a | - |
| hp | envy_photo_7822_y0g42d | - |
| hp | envy_100_cn517a | - |
| hp | officejet_4655_f1j00a | - |
| hp | hp_officejet_4654_f1j07b | - |
| w1.fi | hostapd | * |
| hp | 5660_f8b04a | - |
| hp | envy_5530 | - |
| hp | envy_5664_f8b08a | - |
| cisco | wap150 | - |
| hp | envy_110_cq809a | - |
| hp | envy_photo_7800_k7s00a | - |
| hp | envy_4526_k9t05b | - |
| hp | envy_5540_k7c85a | - |
| hp | envy_photo_7800_y0g42d | - |
| hp | envy_110_cq812c | - |
| hp | hp_deskjet_ink_advantage_4678_f1h99b | - |
| hp | envy_photo_6200_y0k15a | - |
| hp | deskjet_ink_advantage_3545_a9t81a | - |
| hp | envy_114_cq811a | - |
| hp | deskjet_ink_advantage_4675_f1h97b | - |
| hp | hp_deskjet_ink_advantage_4535_f0v64c | - |
| hp | envy_5540_g0v51a | - |
| hp | envy_pro_6420_5se45b | - |
| hp | hp_officejet_4657_v6d29b | - |
| netgear | wnhde111 | - |
| epson | xp-100 | - |
| microsoft | windows_10 | - |
| hp | envy_120_cz022a | - |
| hp | envy_photo_7100_z3m52a | - |
| hp | envy_4520_e6g67a | - |
| hp | envy_4500_a9t80b | - |
| hp | envy_100_cn519a | - |
| hp | envy_5542_k7c88a | - |
| hp | envy_5532 | - |
| hp | envy_5534 | - |
| hp | envy_5000_m2u91a | - |
| hp | envy_4522_f0v67a | - |
| zyxel | vmg8324-b10a | - |
| hp | envy_5543_n9u88a | - |
| hp | envy_photo_6220_k7g20d | - |
| hp | hp_envy_4522_f0v67a | - |
| hp | envy_5539 | - |
| ui | unifi_controller | - |
| epson | xp-241 | - |
| hp | envy_5646_f8b05a | - |
| hp | envy_photo_7100_k7g99a | - |
| hp | hp_envy_4513_k9h51a | - |
| hp | deskjet_ink_advantage_4515 | - |
| hp | envy_5540_g0v53a | - |
| hp | envy_4524_f0v71b | - |
| hp | envy_4504_a9t88b | - |
| huawei | hg532e | - |
| hp | envy_photo_7800_y0g52b | - |
| hp | 5030_z4a70a | - |
| hp | envy_4505_a9t86a | - |
| hp | envy_6540_b9s59a | - |
| hp | envy_photo_6200_y0k13d_ | - |
| hp | envy_photo_6230_k7g25b | - |
| hp | hp_officejet_4656_k9v81b | - |
| hp | envy_pro_6420_6wd16a | - |
| hp | deskjet_ink_advantage_5575_g0v48b | - |
| fedoraproject | fedora | 32 |
| hp | deskjet_ink_advantage_4678_f1h99b | - |
| hp | envy_photo_7830_y0g50b | - |
| hp | officejet_4652_f1j02a | - |
| epson | xp-330 | - |
| hp | deskjet_ink_advantage_3546_a9t82a | - |
| hp | envy_4520_f0v63b | - |
| hp | envy_photo_6200_k7s21b | - |
| hp | envy_5544_k7c89a | - |
| zyxel | amg1202-t10b | - |
| hp | envy_4501_c8d05a | - |
| epson | m571t | - |
| hp | envy_4509_d3p94a | - |
| hp | hp_deskjet_ink_advantage_4535_f0v64a | - |
| hp | hp_deskjet_ink_advantage_4675_f1h97c | - |
| hp | deskjet_ink_advantage_4536_f0v65a | - |
| nec | wr8165n | - |
| hp | envy_5535 | - |
| huawei | hg255s | - |
| hp | hp_envy_4516_k9h52a | - |
| broadcom | adsl | - |
| hp | deskjet_ink_advantage_4535_f0v64c | - |
| hp | hp_officejet_4652_f1j02a | - |
| epson | xp-320 | - |
| hp | hp_officejet_4655_k9v82b | - |
| hp | envy_photo_7100_3xd89a | - |
| hp | envy_6020_7cz37a | - |
| hp | hp_envy_4520_e6g67a | - |
| hp | envy_photo_7800_k7r96a | - |
| microsoft | xbox_one | 10.0.19041.2494 |
| hp | envy_pro_6420_6wd14a | - |
| hp | officejet_4657_v6d29b | - |
| hp | envy_pro_6455_5se45a | - |
| dlink | dvg-n5412sp | - |
| hp | envy_5644_b9s65a | - |
| hp | envy_100_cn519b | - |
| hp | hp_officejet_4650_e6g87a | - |
| hp | envy_6020_6wd35a | - |
| hp | envy_110_cq809b | - |
| epson | xp-4100 | - |
| epson | xp-620 | - |
| hp | envy_114_cq811b | - |
| hp | deskjet_ink_advantage_4538_f0v66b | - |
| hp | hp_envy_4524_f0v72b | - |
| hp | envy_5643_b9s63a | - |
| hp | hp_envy_4524_f0v71b | - |
| hp | hp_officejet_4655_k9v79a | - |
| hp | envy_photo_6200_k7g18a | - |
| hp | deskjet_ink_advantage_4535_f0v64b | - |
| hp | envy_110_cq809d | - |
| hp | hp_envy_4526_k9t05b | - |
| hp | envy_photo_7800_k7s10d | - |
| hp | deskjet_ink_advantage_3545_a9t81c | - |
| epson | ep-101 | - |
| canonical | ubuntu_linux | 20.04 |
| hp | envy_5541_k7g89a | - |
| hp | hp_officejet_4650_f1h96b | - |
| hp | hp_envy_4521_k9t10b | - |
| hp | envy_4512_k9h49a | - |
| hp | envy_4521_k9t10b | - |
| hp | hp_envy_4527_j6u61b | - |
| hp | hp_envy_4525_k9t09b | - |
| hp | envy_5544_k7c93a | - |
| hp | officejet_4655_k9v79a | - |
| hp | envy_4500_a9t89a | - |
| hp | envy_4520_f0v69a | - |
| hp | deskjet_ink_advantage_5575_g0v48c | - |
| hp | envy_4509_d3p94b | - |
| hp | envy_4524_f0v72b | - |
| canon | selphy_cp1200 | - |
| hp | envy_5665_f8b06a | - |
| hp | envy_111_cq810a | - |
| hp | envy_5020_m2u91b | - |
| epson | ew-m970a3t | - |
| hp | envy_4525_k9t09b | - |
| hp | hp_envy_4523_j6u60b | - |
| hp | envy_photo_7100_k7g93a | - |
| hp | envy_5548_k7g87a | - |
| hp | envy_photo_6222_y0k14d | - |
| hp | hp_deskjet_ink_advantage_4536_f0v65a | - |
| hp | envy_photo_6234_k7s21b | - |
| hp | deskjet_ink_advantage_3548_a9t81b | - |
| hp | hp_officejet_4652_f1j05b | - |
| hp | hp_officejet_4658_v6d30b | - |
| hp | envy_6020_5se17a | - |
| hp | envy_4511_k9h50a | - |
| epson | xp-2105 | - |
| hp | hp_envy_4520_f0v63a | - |
| hp | envy_110_cq809c | - |
| epson | xp-970 | - |
| hp | envy_4502_a9t85a | - |
| hp | envy_120_cz022b | - |
| hp | deskjet_ink_advantage_4535_f0v64a | - |
| debian | debian_linux | 10.0 |
| hp | envy_4524_k9t01a | - |
| hp | hp_officejet_4652_k9v84b | - |
| hp | officejet_4655_k9v82b | - |
| hp | envy_5546_k7c90a | - |
| hp | envy_4500_a9t80a | - |
| hp | envy_photo_7100_z3m37a | - |
| hp | officejet_4650_f1h96a | - |
| cisco | wap351 | - |
| hp | officejet_4652_k9v84b | - |
| hp | hp_envy_4512_k9h49a | - |
| hp | envy_pro_6452_5se47a | - |
| hp | hp_deskjet_ink_advantage_4535_f0v64b | - |
| hp | envy_photo_6232_k7g26b | - |
| epson | xp-960 | - |
| fedoraproject | fedora | 31 |
| hp | envy_5000_m2u85b | - |
| hp | envy_4527_j6u61b | - |
| hp | envy_5536 | - |
| hp | hp_officejet_4650_f1h96a | - |
| asus | rt-n11 | - |
| hp | deskjet_ink_advantage_4518 | - |
| cisco | wap131 | - |
| hp | officejet_4652_f1j05b | - |
| hp | deskjet_ink_advantage_4675_f1h97c | - |
| hp | deskjet_ink_advantage_4675_f1h97a | - |
| hp | envy_5547_j6u64a | - |
| epson | xp-702 | - |
| hp | envy_4523_j6u60b | - |
| hp | envy_5545_g0v50a | - |
| epson | xp-440 | - |
| epson | xp-340 | - |
| hp | officejet_4656_k9v81b | - |
| hp | hp_envy_4511_k9h50a | - |
| hp | envy_5531 | - |
| epson | xp-630 | - |
| hp | envy_4516_k9h52a | - |
| debian | debian_linux | 9.0 |
| hp | deskjet_ink_advantage_4676_f1h98a | - |
| hp | officejet_4650_f1h96b | - |
| hp | envy_4504_c8d04a | - |
| hp | envy_photo_6220_k7g21b | - |
| hp | envy_4508_e6g72b | - |
| hp | envy_photo_6200_k7g26b | - |
| hp | envy_photo_6252_k7g22a | - |
| hp | envy_114_cq812a | - |
| hp | envy_5000_m2u85a | - |
| hp | hp_envy_4520_e6g67b | - |
| hp | envy_7644_e4w46a | - |
| epson | xp-4105 | - |
| hp | envy_5640_b9s56a | - |
| hp | officejet_4654_f1j06b | - |
| hp | officejet_4650_e6g87a | - |
| hp | envy_100_cn517c | - |
| hp | hp_officejet_4654_f1j06b | - |
| hp | envy_photo_7120_z3m41d | - |
| hp | hp_envy_4520_f0v63b | - |
| hp | envy_5000_m2u91a | * |
| hp | envy_5540_g0v52a | - |
| hp | envy_4520_e6g67b | - |
| hp | envy_5642_b9s64a | - |
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-669,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | f6x2w_firmware | 6.0.10p2t2 |
| zte | f6x2w_firmware | 6.0.10p2t5 |
ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | e8820v3_firmware | * |
ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | e8820v3_firmware | * |
ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | oscp | 16.19.20 |
| zte | oscp | 16.19.10 |
A ZTE product is impacted by a resource management error vulnerability. An attacker could exploit this vulnerability to cause a denial of service by issuing a specific command. This affects: ZXCTN 6500 version V2.10.00R3B87.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxctn_6500_firmware | 2.10.00r3b87 |
ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zenic_one_r22b | 16.19.10p02sp002 |
| zte | zenic_one_r22b | 6.19.10p02sp005 |
There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | f680_firmware | zxhn_f680v9.0.10p1n6 |
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | ztemarket_apk | * |
The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | netnumen_u31_r10_firmware | v12.17.20t115 |
The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | r5500g4_firmware | 03.07.0200 |
| zte | r8500g4_firmware | 03.05.0400 |
| zte | r5300g4_firmware | 03.07.0100 |
| zte | r5300g4_firmware | 03.04.0020 |
| zte | r5500g4_firmware | 03.08.0100 |
| zte | r5300g4_firmware | 03.05.0040 |
| zte | r5300g4_firmware | 03.05.0044 |
| zte | r5300g4_firmware | 03.08.0100 |
| zte | r8500g4_firmware | 03.07.0103 |
| zte | r5500g4_firmware | 03.06.0100 |
| zte | r5300g4_firmware | 03.05.0045 |
| zte | r5300g4_firmware | 03.05.0047 |
| zte | r5300g4_firmware | 03.07.0200 |
| zte | r8500g4_firmware | 03.05.0020 |
| zte | r5500g4_firmware | 03.07.0100 |
| zte | r8500g4_firmware | 03.06.0100 |
| zte | r5300g4_firmware | 03.05.0046 |
| zte | r8500g4_firmware | 03.07.0101 |
| zte | r5300g4_firmware | 03.05.0043 |
| zte | r5300g4_firmware | 03.07.0108 |
| zte | r5300g4_firmware | 03.07.0300 |
The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | r5500g4_firmware | 03.07.0200 |
| zte | r8500g4_firmware | 03.05.0400 |
| zte | r5300g4_firmware | 03.07.0100 |
| zte | r5300g4_firmware | 03.04.0020 |
| zte | r5500g4_firmware | 03.08.0100 |
| zte | r5300g4_firmware | 03.05.0040 |
| zte | r5300g4_firmware | 03.05.0044 |
| zte | r5300g4_firmware | 03.08.0100 |
| zte | r8500g4_firmware | 03.07.0103 |
| zte | r5500g4_firmware | 03.06.0100 |
| zte | r5300g4_firmware | 03.05.0045 |
| zte | r5300g4_firmware | 03.05.0047 |
| zte | r5300g4_firmware | 03.07.0200 |
| zte | r8500g4_firmware | 03.05.0020 |
| zte | r5500g4_firmware | 03.07.0100 |
| zte | r8500g4_firmware | 03.06.0100 |
| zte | r5300g4_firmware | 03.05.0046 |
| zte | r8500g4_firmware | 03.07.0101 |
| zte | r5300g4_firmware | 03.05.0043 |
| zte | r5300g4_firmware | 03.07.0108 |
| zte | r5300g4_firmware | 03.07.0300 |
A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cause the equipment WEB/TELNET module denial of service and make the equipment be out of management. This affects: ZXR10 2800-4_ALMPUFB(LOW), all versions up to V3.00.40.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxr10_2800-4_almpufb(low)_firmware | * |
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-327,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxiptv_firmware | zxiptv-web-pv5.09.08.04 |
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE>
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxone_19700_snpe_firmware | zxone8700v1.40r2b13_snpe |
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | evdc | zxcloud-irosv6.03.04 |
A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxa10_eodn_firmware | 2.3p2t1 |
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.5 | LOW | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.1 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_f670l_firmware | v1.1.10p1n2e |
| zte | zxhn_z500_firmware | v1.0.0.2b1.1000 |
A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_w908_firmware | * |
ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, which will cause the device to deny service. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-346,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_e8820_firmware | 2.0.13 |
| zte | zxhn_e8822_firmware | 2.0.13 |
| zte | zxhn_e8810_firmware | 2.0.1 |
| zte | zxhn_e8810_firmware | 1.0.26 |
| zte | zxhn_e8820_firmware | 1.1.3 |
ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_e8820_firmware | 2.0.13 |
| zte | zxhn_e8822_firmware | 2.0.13 |
| zte | zxhn_e8810_firmware | 2.0.1 |
| zte | zxhn_e8810_firmware | 1.0.26 |
| zte | zxhn_e8820_firmware | 1.1.3 |
A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_b860a_firmware | v2.1-t_v0032.1.1.04_jiangsutelecom |
Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxr10_9904_firmware | * |
| zte | zxr10_9916_firmware | * |
| zte | zxr10_9908_firmware | * |
| zte | zxr10_9908-s_firmware | * |
| zte | zxr10_9904-s_firmware | * |
A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxr10_8900e_firmware | * |
A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.7 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.1 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h196q_firmware | 9.1.0c2 |
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 2.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L | 0.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxone_8700_firmware | 1.40.021.021cp049 |
| zte | zxone_19700_firmware | 1.0p02b219_@ncpm-release_2.40r1-20200914.set |
| zte | zxone_9700_firmware | 1.40.021.021cp049 |
A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects:<ZXHN F623><All versions up to V6.0.0P3T33>
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_f623_firmware | * |
A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxa10_c300m_firmware | * |
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-330,CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h168n_firmware | 3.5.0_eg1t5_te |
| zte | zxhn_h108n_firmware | 2.5.5_btmt1 |
A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h168n_firmware | 3.5.0_ty.t6 |
A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_irai_firmware | * |
| zte | zxcloud_irai | * |
A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authorization. Attackers could exploit this vulnerability to obtain sensitive information. This affects Axon 11 5G ZTE/CN_P725A12/P725A12:10/QKQ1.200816.002/20201116.175317:user/release-keys.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | axon_11_5g_firmware | * |
The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcdn | * |
Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-312,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxa10_f821_firmware | 1.7.0p3t22 |
| zte | zxa10_f822_firmware | 1.4.3t6 |
| zte | zxa10_f809_firmware | 3.2.1t1 |
| zte | zxa10_f832v2_firmware | 2.00.00.01 |
| zte | zxa10_f819_firmware | 1.2.1t5 |
| zte | zxa10_f832_firmware | 1.1.1t7 |
| zte | zxa10_f839_firmware | 1.1.0t8 |
| zte | zxa10_f822p_firmware | 1.1.1t7 |
A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-281,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h168n_firmware | * |
A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_hs562_firmware | 1.0.0.0b2.0000 |
| zte | zxhn_hs562_firmware | 1.0.0.0b3.0000 |
A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_b860h_v5.0_firmware | v83011303.0010 |
| zte | zxv10_b860h_v5.0_firmware | v83011303.0016 |
ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09>
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxiptv_firmware | zxiptv-eas_pv5.06.04.09 |
A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and detection, thus affecting signal transmission. This affects: <ZXCTN 6120H><V5.10.00B24>
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 0.9 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-345,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxctn_6120h_firmware | 5.10.00b24 |
There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 2.4 | LOW | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 0.9 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h2640_firmware | 10.0.0c6_ty |
There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxv10_m910_firmware | 1.2.19.01u01.01 |
| zte | zxv10_m910_firmware | 1.2.20.01u01.01 |
| zte | zxv10_m910_firmware | 1.2.21.01.04 |
| zte | zxv10_m910_firmware | 1.2.16.01u01.01 |
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | axon_30_pro_message_service | 5.3.1.2103091059 |
ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf971r_firmware | 1v1.0.0b06 |
| zte | mf971r_firmware | v1.0.0b05 |
| zte | mf971r_firmware | sv1.0.0b05 |
| zte | mf971r_firmware | 2v1.0.0b03 |
| zte | mf971r_firmware | s2v1.0.0b03 |
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf971r_firmware | 1v1.0.0b06 |
| zte | mf971r_firmware | v1.0.0b05 |
| zte | mf971r_firmware | sv1.0.0b05 |
| zte | mf971r_firmware | 2v1.0.0b03 |
| zte | mf971r_firmware | s2v1.0.0b03 |
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf971r_firmware | 1v1.0.0b06 |
| zte | mf971r_firmware | v1.0.0b05 |
| zte | mf971r_firmware | sv1.0.0b05 |
| zte | mf971r_firmware | 2v1.0.0b03 |
| zte | mf971r_firmware | s2v1.0.0b03 |
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf971r_firmware | 1v1.0.0b06 |
| zte | mf971r_firmware | v1.0.0b05 |
| zte | mf971r_firmware | sv1.0.0b05 |
| zte | mf971r_firmware | 2v1.0.0b03 |
| zte | mf971r_firmware | s2v1.0.0b03 |
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf971r_firmware | 1v1.0.0b06 |
| zte | mf971r_firmware | v1.0.0b05 |
| zte | mf971r_firmware | sv1.0.0b05 |
| zte | mf971r_firmware | 2v1.0.0b03 |
| zte | mf971r_firmware | s2v1.0.0b03 |
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf971r_firmware | 1v1.0.0b06 |
| zte | mf971r_firmware | v1.0.0b05 |
| zte | mf971r_firmware | sv1.0.0b05 |
| zte | mf971r_firmware | 2v1.0.0b03 |
| zte | mf971r_firmware | s2v1.0.0b03 |
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf971r_firmware | 1v1.0.0b06 |
| zte | mf971r_firmware | v1.0.0b05 |
| zte | mf971r_firmware | sv1.0.0b05 |
| zte | mf971r_firmware | 2v1.0.0b03 |
| zte | mf971r_firmware | s2v1.0.0b03 |
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxin10_cms | * |
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxin10_cms | * |
There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H | 1.2 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_f677_firmware | * |
| zte | zxhn_f477_firmware | * |
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_f680_firmware | 6.0.10p3n20 |
ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcdn_firmware | * |
ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-330,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf297d_firmware | mf297d_nordic1_b05 |
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxmp_m721_firmware | 5.10.030.006 |
ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxmp_m721_firmware | commond21bootv100004_ls1045 |
ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxen_cg200_firmware | * |
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | otcp_firmware | * |
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 3.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxa10_b700v7_firmware | * |
| zte | zxa10_s200a_firmware | * |
| zte | zxa10_b766v2_firmware | * |
| zte | zxa10_b960gv1_firmware | * |
| zte | zxa10_s200t_firmware | * |
| zte | zxa10_b710s2-a19_firmware | * |
| zte | zxa10_b866v2-h_firmware | * |
| zte | zxa10_b836ct-a15_firmware | * |
| zte | zxa10_b710c-a12_firmware | * |
| zte | zxa10_b866v5-w10_firmware | * |
| zte | zxa10_b800v2_firmware | * |
| zte | zxa10_b76hv3_firmware | * |
| zte | zxa10_b860h_firmware | * |
| zte | zxa10_b860av2.1_firmware | * |
| zte | zxa10_s100v_firmware | * |
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf286r_firmware | * |
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf286r_firmware | * |
There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zaip-aie | * |
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxa10_c350m_firmware | * |
| zte | zxa10_c300m_firmware | * |
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | blade_v20_smart_firmware | * |
| zte | blade_a7s_firmware | * |
| zte | blade_l210_firmware | * |
| zte | blade_v30_firmware | * |
| zte | blade_v30_vita_firmware | * |
| zte | blade_a31_plus_firmware | * |
| zte | axon_40_ultra_firmware | * |
| zte | blade_a52_firmware | * |
| zte | blade_a72_firmware | * |
| zte | blade_a5_2019_firmware | * |
| zte | blade_a51_firmware | * |
| zte | blade_a71_firmware | * |
| zte | blade_v40_vita_firmware | * |
| zte | blade_a3_lite_firmware | * |
| zte | blade_a5_2020_firmware | * |
| zte | blade_a31_firmware | * |
| zte | v40_pro_firmware | * |
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf286r_firmware | nordic_mf286r_b06 |
| zte | mf289d_firmware | cr_tmoczmf289dv1.0.0b07 |
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf286r_firmware | nordic_mf286r_b06 |
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | blade_v20_smart_firmware | * |
| zte | blade_a7s_firmware | * |
| zte | blade_l210_firmware | * |
| zte | blade_v30_firmware | * |
| zte | blade_v30_vita_firmware | * |
| zte | blade_a31_plus_firmware | * |
| zte | axon_40_ultra_firmware | * |
| zte | blade_a52_firmware | * |
| zte | blade_a72_firmware | * |
| zte | blade_a5_2019_firmware | * |
| zte | blade_a51_firmware | * |
| zte | blade_a71_firmware | * |
| zte | blade_v40_vita_firmware | * |
| zte | blade_a3_lite_firmware | * |
| zte | blade_a5_2020_firmware | * |
| zte | blade_a31_firmware | * |
| zte | v40_pro_firmware | * |
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | blade_v20_smart_firmware | * |
| zte | blade_a7s_firmware | * |
| zte | blade_l210_firmware | * |
| zte | blade_v30_firmware | * |
| zte | blade_v30_vita_firmware | * |
| zte | blade_a31_plus_firmware | * |
| zte | axon_40_ultra_firmware | * |
| zte | blade_a52_firmware | * |
| zte | blade_a72_firmware | * |
| zte | blade_a5_2019_firmware | * |
| zte | blade_a51_firmware | * |
| zte | blade_a71_firmware | * |
| zte | blade_v40_vita_firmware | * |
| zte | blade_a3_lite_firmware | * |
| zte | blade_a5_2020_firmware | * |
| zte | blade_a31_firmware | * |
| zte | v40_pro_firmware | * |
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn-h108ns_firmware | h108nsv1.0.7u_zrd_gr2_a68 |
There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
| psirt@zte.com.cn | 5.9 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L | 1.7 | 3.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mc801a_firmware | mc801a_elisa3_b19 |
| zte | mc801a1_firmware | mc801a1_elisa1_b04 |
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 8.4 | HIGH | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.7 | 6.0 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mc801a_firmware | mc801a_elisa3_b19 |
| zte | mc801a1_firmware | mc801a1_elisa1_b04 |
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mc801a_firmware | mc801a_elisa3_b19 |
| zte | mc801a1_firmware | mc801a1_elisa1_b04 |
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | up_t2_4k_firmware | v84511302.1427 |
| zte | zxv10_b866v2-h_firmware | v84711321.0040 |
| zte | zxv10_b860h_v5d0_firmware | v83011303.0069 |
| zte | zxv10_b866v2_firmware | v82815416.1027 |
| zte | zxv10_b866v2f_firmware | v86111338.0026 |
| zte | zxv10_b866v2f_firmware | v86111338.0033 |
| zte | zxv10_b866v2f_firmware | v86111338.0035 |
| zte | zxv10_b866v2-h_firmware | v84711321.0045 |
| zte | zxv10_b860h_v5d0_firmware | v83011303.0049 |
| zte | zxv10_b866v2_firmware | v84711309.0018 |
| zte | zxv10_b866v2f_firmware | v86111338.0031 |
| zte | zxv10_b866v2_firmware | v84711309.0019 |
| zte | zxv10_b866v2_firmware | v82815416.1029 |
| zte | zxv10_b866v2_firmware | v82811306.3021 |
| zte | zxv10_b866v2-h_firmware | v84711321.0049 |
| zte | zxv10_b860h_v5d0_firmware | v83011303.0053 |
| zte | zxv10_b866v2_firmware | v84711309.0016 |
| zte | zxv10_b866v2-h_firmware | v84711321.0038 |
| zte | zxv10_b866v2_firmware | v82815416.2012 |
| zte | zxv10_b860h_v5d0_firmware | v83011303.0051 |
| zte | zxv10_b860h_v5d0_firmware | v83011303.0063 |
| zte | zxv10_b866v2_firmware | v82815416.1028 |
There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 7.1 | HIGH | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 0.5 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxhn_h388x_firmware | 10.1_agzhm_1.3.1 |
There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N | 1.0 | 3.6 |
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | axon_40_pro_firmware | * |
| zte | axon_30_firmware | * |
| zte | axon_40_ultra_firmware | * |
| zte | nubia_z50_firmware | * |
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L | 1.0 | 5.5 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_irai_firmware | * |
| zte | zxcloud_irai | * |
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 6.8 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf286r_firmware | cr_lvwrgbmf286rv1.0.0b04 |
There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_irai_firmware | * |
| zte | zxcloud_irai | * |
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
| psirt@zte.com.cn | 4.3 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L | 0.9 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf286r_firmware | cr_lvwrgbmf286rv1.0.0b04 |
| zte | mf833u1_firmware | bd_mf833u1v1.0.0b01 |
There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@zte.com.cn | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_irai_firmware | * |
| zte | zxcloud_irai | * |
There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| psirt@zte.com.cn | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_irai_firmware | * |
| zte | zxcloud_irai | * |
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_irai_firmware | * |
| zte | zxcloud_irai | * |
There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 5.7 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L | 0.9 | 4.7 |
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf258_firmware | zte_std_v1.0.0b08 |
| zte | mf258_firmware | zte_std_v1.0.0b10 |
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | 1.3 | 3.4 |
| psirt@zte.com.cn | 3.9 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L | 1.3 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_irai_firmware | * |
| zte | zxcloud_irai | * |
There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 4.3 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 0.9 | 3.4 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_irai_firmware | * |
| zte | zxcloud_irai | * |
Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 6.6 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L | 0.8 | 5.3 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | red_magic_8_pro_firmware | gen_cn_nx729jv1.0.0b21mr |
| zte | redmagic_8_pro_firmware | gen_cn_nx729jv1.0.0b21mr |
The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | wrtm326_firmware | * |
There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 6.3 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L | 0.5 | 5.3 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_irai | * |
The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
| psirt@zte.com.cn | 7.6 | HIGH | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H | 1.0 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zenic_one_r58 | * |
ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 8.3 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L | 2.8 | 5.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxun-epdg | * |
There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 6.8 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf258k_pro_firmware | 1.0.0b03 |
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxr10_1800-2s_firmware | * |
| zte | zxr10_2800-4_firmware | * |
| zte | zxr10_3800-8_firmware | * |
| zte | zxr10_160_firmware | * |
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 6.8 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | nh8091_firmware | znh8091v1.8 |
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 6.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H | 0.5 | 5.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxr10_1800-2s_firmware | * |
| zte | zxr10_2800-4_firmware | * |
| zte | zxr10_3800-8_firmware | * |
| zte | zxr10_160_firmware | * |
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 4.1 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L | 0.7 | 3.4 |
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_goldendb | 7.2.01.01 |
| zte | zxcloud_goldendb | * |
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_goldendb | 6.1.03.09 |
| zte | zxcloud_goldendb | 7.2.01.01 |
| zte | zxcloud_goldendb | 6.1.03.10 |
There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 3.9 | 2.5 |
| psirt@zte.com.cn | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_goldendb | 6.1.03.09 |
| zte | zxcloud_goldendb | 7.2.01.01 |
| zte | zxcloud_goldendb | 6.1.03.10 |
There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_goldendb | 7.2.01.01 |
| zte | zxcloud_goldendb | * |
There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| psirt@zte.com.cn | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_goldendb | 7.2.01.01 |
| zte | zxcloud_goldendb | * |
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@zte.com.cn | 8.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H | 1.7 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_goldendb | 7.2.01.01 |
| zte | zxcloud_goldendb | * |
There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 3.1 | 4.0 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | zxcloud_goldendb | * |
There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@zte.com.cn | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zte | mf258k_pro_firmware | zte_mf258kpro_play_v1.0.0b03 |
| zte | mf258k_pro_firmware | zte_mf258pro_std_v1.0.0b04 |