VYPR

ZTE

All CVEs

179 total · sorted by risk
  • CVE-2014-8493 · Nov 20, 2014
    risk 0.04 · cvss · epss 0.08

    ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.

  • CVE-2014-4154 · Jul 16, 2014
    risk 0.04 · cvss · epss 0.07

    ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.

  • CVE-2014-4018 · Jul 16, 2014
    risk 0.04 · cvss · epss 0.06

    The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.

  • CVE-2014-0329 · Feb 4, 2014
    risk 0.04 · cvss · epss 0.09

    The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.

  • CVE-2021-21745 · Oct 20, 2021
    risk 0.03 · cvss · epss 0.56

    ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attacker could use this vulnerability to perform illegal authorization operations by sending a request to the user to click.

  • CVE-2014-4155 · Jun 19, 2014
    risk 0.03 · cvss · epss 0.02

    Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.

  • CVE-2012-4746 · Aug 31, 2012
    risk 0.03 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.

  • CVE-2020-29007 · Apr 15, 2023
    risk 0.02 · cvss · epss 0.02

    The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary…

  • CVE-2022-39073 · Jan 6, 2023
    risk 0.01 · cvss · epss 0.03

    There is a command injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.

  • CVE-2025-66315 · Jan 9, 2026
    risk 0.00 · cvss · epss 0.00

    There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory.

  • CVE-2024-22063 · Dec 30, 2024
    risk 0.00 · cvss · epss 0.01

    The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices.

  • CVE-2024-22067 · Nov 18, 2024
    risk 0.00 · cvss · epss 0.01

    ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands.

  • CVE-2024-22066 · Oct 29, 2024
    risk 0.00 · cvss · epss 0.00

    There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router. An authenticated attacker could use the vulnerability to obtain sensitive information about the device.

  • CVE-2024-22065 · Oct 29, 2024
    risk 0.00 · cvss · epss 0.01

    There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

  • CVE-2024-22068 · Oct 10, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series on 64 bit allows Functionality Bypass. This issue affects ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series: V4.00.10 and earlier.

  • CVE-2022-39068 · Sep 18, 2024
    risk 0.00 · cvss · epss 0.00

    There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack.

  • CVE-2024-22069 · Aug 8, 2024
    risk 0.00 · cvss · epss 0.00

    There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product. Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.

  • CVE-2024-22062 · Jul 9, 2024
    risk 0.00 · cvss · epss 0.00

    There is a permissions and access control vulnerability in ZXCLOUD IRAI. An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration.

  • CVE-2023-25646 · Jun 20, 2024
    risk 0.00 · cvss · epss 0.00

    There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking, attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.

  • CVE-2024-22064 · May 10, 2024
    risk 0.00 · cvss · epss 0.00

    ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under the default configuration, uses a set of non-unique cryptographic keys when establishing a secure connection (IKE) with the mobile devices connecting over the internet. If the set of keys are…

  • CVE-2023-41781 · Jan 10, 2024
    risk 0.00 · cvss · epss 0.00

    There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered.

  • CVE-2023-41782 · Jan 5, 2024
    risk 0.00 · cvss · epss 0.00

    There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.

  • CVE-2023-41784 · Jan 4, 2024
    risk 0.00 · cvss · epss 0.00

    Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro

  • CVE-2023-41783 · Jan 3, 2024
    risk 0.00 · cvss · epss 0.01

    There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Because the program fails to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.

  • CVE-2023-41776 · Jan 3, 2024
    risk 0.00 · cvss · epss 0.00

    There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI. Attackers with regular user privileges can create a fake process and escalate local privileges.

  • CVE-2023-41780 · Jan 3, 2024
    risk 0.00 · cvss · epss 0.00

    There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program fails to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.

  • CVE-2023-41779 · Jan 3, 2024
    risk 0.00 · cvss · epss 0.00

    There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with the common user permission, the physical machine will crash.

  • CVE-2023-25650 · Dec 14, 2023
    risk 0.00 · cvss · epss 0.01

    There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.

  • CVE-2023-25648 · Dec 14, 2023
    risk 0.00 · cvss · epss 0.00

    There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.

  • CVE-2023-25649 · Aug 25, 2023
    risk 0.00 · cvss · epss 0.02

    There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

  • CVE-2023-25647 · Aug 17, 2023
    risk 0.00 · cvss · epss 0.00

    There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.

  • CVE-2023-25645 · Jun 16, 2023
    risk 0.00 · cvss · epss 0.00

    There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear…

  • CVE-2022-45957 · Dec 12, 2022
    risk 0.00 · cvss · epss 0.11

    ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.

  • CVE-2022-23143 · Dec 5, 2022
    risk 0.00 · cvss · epss 0.01

    ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.

  • CVE-2022-39067 · Nov 22, 2022
    risk 0.00 · cvss · epss 0.01

    There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.

  • CVE-2022-39069 · Nov 8, 2022
    risk 0.00 · cvss · epss 0.00

    There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content.

  • CVE-2022-23144 · Sep 23, 2022
    risk 0.00 · cvss · epss 0.01

    There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.

  • CVE-2022-23142 · Jul 18, 2022
    risk 0.00 · cvss · epss 0.01

    ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible.

  • CVE-2022-23141 · Jul 15, 2022
    risk 0.00 · cvss · epss 0.01

    ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.

  • CVE-2022-23138 · Jun 9, 2022
    risk 0.00 · cvss · epss 0.01

    ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack.

  • CVE-2022-23139 · May 12, 2022
    risk 0.00 · cvss · epss 0.01

    ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that…

  • CVE-2022-23137 · May 11, 2022
    risk 0.00 · cvss · epss 0.01

    ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered.

  • CVE-2021-21750 · Dec 27, 2021
    risk 0.00 · cvss · epss 0.00

    ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.

  • CVE-2021-21751 · Dec 27, 2021
    risk 0.00 · cvss · epss 0.01

    ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause…

  • CVE-2021-21748 · Oct 20, 2021
    risk 0.00 · cvss · epss 0.02

    ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.

  • CVE-2021-21749 · Oct 20, 2021
    risk 0.00 · cvss · epss 0.02

    ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.

  • CVE-2021-21743 · Oct 20, 2021
    risk 0.00 · cvss · epss 0.01

    ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.

  • CVE-2021-21744 · Oct 20, 2021
    risk 0.00 · cvss · epss 0.01

    ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled.

  • CVE-2021-21747 · Oct 20, 2021
    risk 0.00 · cvss · epss 0.01

    ZTE MF971R product has a reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.

  • CVE-2021-21746 · Oct 20, 2021
    risk 0.00 · cvss · epss 0.01

    ZTE MF971R product has a reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.