ZXHN F670
by Zte
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6879 | 0.00 | — | 0.00 | Nov 19, 2020 | Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a… | |||
| CVE-2019-3418 | 0.00 | — | 0.00 | Aug 15, 2019 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts. | |||
| CVE-2019-3417 | 0.00 | — | 0.02 | Aug 15, 2019 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system. | |||
| CVE-2018-7359 | 0.00 | — | 0.01 | Nov 16, 2018 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. | |||
| CVE-2018-7362 | 0.00 | — | 0.00 | Nov 16, 2018 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router. | |||
| CVE-2018-7363 | 0.00 | — | 0.00 | Nov 16, 2018 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials. | |||
| CVE-2018-7361 | 0.00 | — | 0.00 | Nov 16, 2018 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service. | |||
| CVE-2018-7360 | 0.00 | — | 0.00 | Nov 16, 2018 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service. |
- CVE-2020-6879Nov 19, 2020risk 0.00cvss —epss 0.00
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a…
- CVE-2019-3418Aug 15, 2019risk 0.00cvss —epss 0.00
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts.
- CVE-2019-3417Aug 15, 2019risk 0.00cvss —epss 0.02
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system.
- CVE-2018-7359Nov 16, 2018risk 0.00cvss —epss 0.01
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.
- CVE-2018-7362Nov 16, 2018risk 0.00cvss —epss 0.00
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router.
- CVE-2018-7363Nov 16, 2018risk 0.00cvss —epss 0.00
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.
- CVE-2018-7361Nov 16, 2018risk 0.00cvss —epss 0.00
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service.
- CVE-2018-7360Nov 16, 2018risk 0.00cvss —epss 0.00
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service.