Vendor CVEs
ZTE
All CVEs
179 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8493 | | | 0.04 | — | 0.08 | | Nov 20, 2014 | ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. |
| CVE-2014-4154 | | | 0.04 | — | 0.07 | | Jul 16, 2014 | ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js. |
| CVE-2014-4018 | | | 0.04 | — | 0.06 | | Jul 16, 2014 | The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-0329 | | | 0.04 | — | 0.09 | | Feb 4, 2014 | The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password. |
| CVE-2021-21745 | | | 0.03 | — | 0.56 | | Oct 20, 2021 | ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attacker could use this vulnerability to perform illegal authorization operations by sending a request to the user to click. |
| CVE-2014-4155 | | | 0.03 | — | 0.02 | | Jun 19, 2014 | Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1. |
| CVE-2012-4746 | | | 0.03 | — | 0.01 | | Aug 31, 2012 | Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. |
| CVE-2020-29007 | | | 0.02 | — | 0.02 | | Apr 15, 2023 | The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary… |
| CVE-2022-39073 | | | 0.01 | — | 0.03 | | Jan 6, 2023 | There is a command injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. |
| CVE-2025-66315 | | | 0.00 | — | 0.00 | | Jan 9, 2026 | There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory. |
| CVE-2024-22063 | | | 0.00 | — | 0.01 | | Dec 30, 2024 | The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices. |
| CVE-2024-22067 | | | 0.00 | — | 0.01 | | Nov 18, 2024 | ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands. |
| CVE-2024-22066 | | | 0.00 | — | 0.00 | | Oct 29, 2024 | There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router. An authenticated attacker could use the vulnerability to obtain sensitive information about the device. |
| CVE-2024-22065 | | | 0.00 | — | 0.01 | | Oct 29, 2024 | There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. |
| CVE-2024-22068 | | | 0.00 | — | 0.00 | | Oct 10, 2024 | Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series on 64 bit allows Functionality Bypass. This issue affects ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series: V4.00.10 and earlier. |
| CVE-2022-39068 | | | 0.00 | — | 0.00 | | Sep 18, 2024 | There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack. |
| CVE-2024-22069 | | | 0.00 | — | 0.00 | | Aug 8, 2024 | There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product. Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords. |
| CVE-2024-22062 | | | 0.00 | — | 0.00 | | Jul 9, 2024 | There is a permissions and access control vulnerability in ZXCLOUD IRAI. An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration. |
| CVE-2023-25646 | | | 0.00 | — | 0.00 | | Jun 20, 2024 | There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking, attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations. |
| CVE-2024-22064 | | | 0.00 | — | 0.00 | | May 10, 2024 | ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection (IKE) with the mobile devices connecting over the internet. If the set of keys are… |
| CVE-2023-41781 | | | 0.00 | — | 0.00 | | Jan 10, 2024 | There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered. |
| CVE-2023-41782 | | | 0.00 | — | 0.00 | | Jan 5, 2024 | There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. |
| CVE-2023-41784 | | | 0.00 | — | 0.00 | | Jan 4, 2024 | Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro |
| CVE-2023-41783 | | | 0.00 | — | 0.01 | | Jan 3, 2024 | There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. |
| CVE-2023-41776 | | | 0.00 | — | 0.00 | | Jan 3, 2024 | There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI. Attackers with regular user privileges can create a fake process, and to escalate local privileges. |
| CVE-2023-41780 | | | 0.00 | — | 0.00 | | Jan 3, 2024 | There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. |
| CVE-2023-41779 | | | 0.00 | — | 0.00 | | Jan 3, 2024 | There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed. |
| CVE-2023-25650 | | | 0.00 | — | 0.01 | | Dec 14, 2023 | There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads. |
| CVE-2023-25648 | | | 0.00 | — | 0.00 | | Dec 14, 2023 | There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges. |
| CVE-2023-25649 | | | 0.00 | — | 0.02 | | Aug 25, 2023 | There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. |
| CVE-2023-25647 | | | 0.00 | — | 0.00 | | Aug 17, 2023 | There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event. |
| CVE-2023-25645 | | | 0.00 | — | 0.00 | | Jun 16, 2023 | There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear… |
| CVE-2022-45957 | | | 0.00 | — | 0.11 | | Dec 12, 2022 | ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow. |
| CVE-2022-23143 | | | 0.00 | — | 0.01 | | Dec 5, 2022 | ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files. |
| CVE-2022-39067 | | | 0.00 | — | 0.01 | | Nov 22, 2022 | There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. |
| CVE-2022-39069 | | | 0.00 | — | 0.00 | | Nov 8, 2022 | There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content. |
| CVE-2022-23144 | | | 0.00 | — | 0.01 | | Sep 23, 2022 | There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. |
| CVE-2022-23142 | | | 0.00 | — | 0.01 | | Jul 18, 2022 | ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible. |
| CVE-2022-23141 | | | 0.00 | — | 0.01 | | Jul 15, 2022 | ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information. |
| CVE-2022-23138 | | | 0.00 | — | 0.01 | | Jun 9, 2022 | ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack. |
| CVE-2022-23139 | | | 0.00 | — | 0.01 | | May 12, 2022 | ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that… |
| CVE-2022-23137 | | | 0.00 | — | 0.01 | | May 11, 2022 | ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered. |
| CVE-2021-21750 | | | 0.00 | — | 0.00 | | Dec 27, 2021 | ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access. |
| CVE-2021-21751 | | | 0.00 | — | 0.01 | | Dec 27, 2021 | ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause… |
| CVE-2021-21748 | | | 0.00 | — | 0.02 | | Oct 20, 2021 | ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code. |
| CVE-2021-21749 | | | 0.00 | — | 0.02 | | Oct 20, 2021 | ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code. |
| CVE-2021-21743 | | | 0.00 | — | 0.01 | | Oct 20, 2021 | ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request. |
| CVE-2021-21744 | | | 0.00 | — | 0.01 | | Oct 20, 2021 | ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled. |
| CVE-2021-21747 | | | 0.00 | — | 0.01 | | Oct 20, 2021 | ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information. |
| CVE-2021-21746 | | | 0.00 | — | 0.01 | | Oct 20, 2021 | ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information. |