Vendor CVEs
Zte
All CVEs
179 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-21742 | 0.00 | — | 0.01 | Sep 24, 2021 | There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages. | |||
| CVE-2021-21738 | 0.00 | — | 0.01 | Aug 5, 2021 | ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects:… | |||
| CVE-2021-21739 | 0.00 | — | 0.00 | Aug 5, 2021 | A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system… | |||
| CVE-2021-21737 | 0.00 | — | 0.01 | Jun 24, 2021 | A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10… | |||
| CVE-2021-21736 | 0.00 | — | 0.01 | Jun 10, 2021 | A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera,… | |||
| CVE-2021-21734 | 0.00 | — | 0.01 | May 28, 2021 | Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8,… | |||
| CVE-2021-21733 | 0.00 | — | 0.01 | May 19, 2021 | The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02. | |||
| CVE-2021-21732 | 0.00 | — | 0.01 | May 19, 2021 | A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authorization. Attackers could exploit this vulnerability to obtain sensitive… | |||
| CVE-2021-21729 | 0.00 | — | 0.00 | Apr 13, 2021 | Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1 | |||
| CVE-2021-21730 | 0.00 | — | 0.01 | Apr 13, 2021 | A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6 | |||
| CVE-2021-21731 | 0.00 | — | 0.00 | Apr 13, 2021 | A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the… | |||
| CVE-2021-21728 | 0.00 | — | 0.01 | Apr 9, 2021 | A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing… | |||
| CVE-2021-21727 | 0.00 | — | 0.01 | Mar 29, 2021 | A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects: | |||
| CVE-2021-21726 | 0.00 | — | 0.00 | Mar 12, 2021 | Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This… | |||
| CVE-2021-21725 | 0.00 | — | 0.00 | Mar 5, 2021 | A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2. | |||
| CVE-2021-21724 | 0.00 | — | 0.00 | Feb 26, 2021 | A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E,… | |||
| CVE-2021-21723 | 0.00 | — | 0.01 | Jan 21, 2021 | Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of… | |||
| CVE-2021-21722 | 0.00 | — | 0.00 | Jan 14, 2021 | A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A… | |||
| CVE-2020-6882 | 0.00 | — | 0.01 | Dec 21, 2020 | ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices… | |||
| CVE-2020-6881 | 0.00 | — | 0.01 | Dec 21, 2020 | ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, which… | |||
| CVE-2020-6879 | 0.00 | — | 0.01 | Nov 19, 2020 | Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a… | |||
| CVE-2020-6877 | 0.00 | — | 0.01 | Nov 5, 2020 | A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1 | |||
| CVE-2020-6876 | 0.00 | — | 0.01 | Oct 26, 2020 | A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web… | |||
| CVE-2020-6875 | 0.00 | — | 0.01 | Oct 5, 2020 | A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700… | |||
| CVE-2020-6873 | 0.00 | — | 0.01 | Sep 1, 2020 | A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cause the equipment WEB/TELNET module denial of service and make the equipment be… | |||
| CVE-2020-6874 | 0.00 | — | 0.00 | Sep 1, 2020 | A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV,… | |||
| CVE-2020-6871 | 0.00 | — | 0.02 | Jul 20, 2020 | The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V0… | |||
| CVE-2020-6870 | 0.00 | — | 0.01 | Jun 24, 2020 | The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation… | |||
| CVE-2020-6869 | 0.00 | — | 0.01 | Jun 17, 2020 | All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation. | |||
| CVE-2020-6868 | 0.00 | — | 0.01 | Jun 1, 2020 | There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to… | |||
| CVE-2020-6866 | 0.00 | — | 0.01 | Apr 30, 2020 | A ZTE product is impacted by a resource management error vulnerability. An attacker could exploit this vulnerability to cause a denial of service by issuing a specific command. This affects: ZXCTN 6500 version V2.10.00R3B87. | |||
| CVE-2020-6865 | 0.00 | — | 0.01 | Apr 30, 2020 | ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this… | |||
| CVE-2020-6867 | 0.00 | — | 0.00 | Apr 30, 2020 | ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE… | |||
| CVE-2020-6864 | 0.00 | — | 0.01 | Feb 27, 2020 | ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router. | |||
| CVE-2020-6863 | 0.00 | — | 0.01 | Feb 27, 2020 | ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL. | |||
| CVE-2019-3431 | 0.00 | — | 0.00 | Dec 23, 2019 | All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access. | |||
| CVE-2019-3430 | 0.00 | — | 0.01 | Dec 23, 2019 | All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system. | |||
| CVE-2019-3429 | 0.00 | — | 0.01 | Dec 23, 2019 | All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information. | |||
| CVE-2019-3428 | 0.00 | — | 0.01 | Nov 22, 2019 | The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage. | |||
| CVE-2019-3427 | 0.00 | — | 0.01 | Nov 22, 2019 | The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users’ information leakage. | |||
| CVE-2019-3424 | 0.00 | — | 0.01 | Nov 18, 2019 | authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations. | |||
| CVE-2019-3423 | 0.00 | — | 0.01 | Nov 18, 2019 | permission and access control vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access to other unauthorized files or resources. | |||
| CVE-2019-3420 | 0.00 | — | 0.01 | Nov 13, 2019 | All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations. | |||
| CVE-2019-3426 | 0.00 | — | 0.01 | Nov 8, 2019 | The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations. | |||
| CVE-2019-3425 | 0.00 | — | 0.01 | Nov 8, 2019 | The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts. | |||
| CVE-2019-3422 | 0.00 | — | 0.01 | Nov 7, 2019 | The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can… | |||
| CVE-2019-3421 | 0.00 | — | 0.01 | Oct 31, 2019 | The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system. | |||
| CVE-2019-3419 | 0.00 | — | 0.01 | Oct 31, 2019 | A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service. | |||
| CVE-2019-3416 | 0.00 | — | 0.01 | Sep 23, 2019 | All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system. | |||
| CVE-2019-3418 | 0.00 | — | 0.01 | Aug 15, 2019 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts. |
- CVE-2021-21742Sep 24, 2021risk 0.00cvss —epss 0.01
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
- CVE-2021-21738Aug 5, 2021risk 0.00cvss —epss 0.01
ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects:…
- CVE-2021-21739Aug 5, 2021risk 0.00cvss —epss 0.00
A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system…
- CVE-2021-21737Jun 24, 2021risk 0.00cvss —epss 0.01
A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10…
- CVE-2021-21736Jun 10, 2021risk 0.00cvss —epss 0.01
A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera,…
- CVE-2021-21734May 28, 2021risk 0.00cvss —epss 0.01
Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8,…
- CVE-2021-21733May 19, 2021risk 0.00cvss —epss 0.01
The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02.
- CVE-2021-21732May 19, 2021risk 0.00cvss —epss 0.01
A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authorization. Attackers could exploit this vulnerability to obtain sensitive…
- CVE-2021-21729Apr 13, 2021risk 0.00cvss —epss 0.00
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1
- CVE-2021-21730Apr 13, 2021risk 0.00cvss —epss 0.01
A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6
- CVE-2021-21731Apr 13, 2021risk 0.00cvss —epss 0.00
A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the…
- CVE-2021-21728Apr 9, 2021risk 0.00cvss —epss 0.01
A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing…
- CVE-2021-21727Mar 29, 2021risk 0.00cvss —epss 0.01
A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects:
- CVE-2021-21726Mar 12, 2021risk 0.00cvss —epss 0.00
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This…
- CVE-2021-21725Mar 5, 2021risk 0.00cvss —epss 0.00
A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.
- CVE-2021-21724Feb 26, 2021risk 0.00cvss —epss 0.00
A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E,…
- CVE-2021-21723Jan 21, 2021risk 0.00cvss —epss 0.01
Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of…
- CVE-2021-21722Jan 14, 2021risk 0.00cvss —epss 0.00
A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A…
- CVE-2020-6882Dec 21, 2020risk 0.00cvss —epss 0.01
ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices…
- CVE-2020-6881Dec 21, 2020risk 0.00cvss —epss 0.01
ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, which…
- CVE-2020-6879Nov 19, 2020risk 0.00cvss —epss 0.01
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a…
- CVE-2020-6877Nov 5, 2020risk 0.00cvss —epss 0.01
A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1
- CVE-2020-6876Oct 26, 2020risk 0.00cvss —epss 0.01
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web…
- CVE-2020-6875Oct 5, 2020risk 0.00cvss —epss 0.01
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700…
- CVE-2020-6873Sep 1, 2020risk 0.00cvss —epss 0.01
A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cause the equipment WEB/TELNET module denial of service and make the equipment be…
- CVE-2020-6874Sep 1, 2020risk 0.00cvss —epss 0.00
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV,…
- CVE-2020-6871Jul 20, 2020risk 0.00cvss —epss 0.02
The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V0…
- CVE-2020-6870Jun 24, 2020risk 0.00cvss —epss 0.01
The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation…
- CVE-2020-6869Jun 17, 2020risk 0.00cvss —epss 0.01
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation.
- CVE-2020-6868Jun 1, 2020risk 0.00cvss —epss 0.01
There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to…
- CVE-2020-6866Apr 30, 2020risk 0.00cvss —epss 0.01
A ZTE product is impacted by a resource management error vulnerability. An attacker could exploit this vulnerability to cause a denial of service by issuing a specific command. This affects: ZXCTN 6500 version V2.10.00R3B87.
- CVE-2020-6865Apr 30, 2020risk 0.00cvss —epss 0.01
ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this…
- CVE-2020-6867Apr 30, 2020risk 0.00cvss —epss 0.00
ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE…
- CVE-2020-6864Feb 27, 2020risk 0.00cvss —epss 0.01
ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router.
- CVE-2020-6863Feb 27, 2020risk 0.00cvss —epss 0.01
ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL.
- CVE-2019-3431Dec 23, 2019risk 0.00cvss —epss 0.00
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access.
- CVE-2019-3430Dec 23, 2019risk 0.00cvss —epss 0.01
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system.
- CVE-2019-3429Dec 23, 2019risk 0.00cvss —epss 0.01
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information.
- CVE-2019-3428Nov 22, 2019risk 0.00cvss —epss 0.01
The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage.
- CVE-2019-3427Nov 22, 2019risk 0.00cvss —epss 0.01
The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users’ information leakage.
- CVE-2019-3424Nov 18, 2019risk 0.00cvss —epss 0.01
authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations.
- CVE-2019-3423Nov 18, 2019risk 0.00cvss —epss 0.01
permission and access control vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access to other unauthorized files or resources.
- CVE-2019-3420Nov 13, 2019risk 0.00cvss —epss 0.01
All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations.
- CVE-2019-3426Nov 8, 2019risk 0.00cvss —epss 0.01
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.
- CVE-2019-3425Nov 8, 2019risk 0.00cvss —epss 0.01
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.
- CVE-2019-3422Nov 7, 2019risk 0.00cvss —epss 0.01
The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can…
- CVE-2019-3421Oct 31, 2019risk 0.00cvss —epss 0.01
The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system.
- CVE-2019-3419Oct 31, 2019risk 0.00cvss —epss 0.01
A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service.
- CVE-2019-3416Sep 23, 2019risk 0.00cvss —epss 0.01
All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system.
- CVE-2019-3418Aug 15, 2019risk 0.00cvss —epss 0.01
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts.
Page 3 of 4