Filtered by vendor Zte
Subscribe
Total
147 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21729 | 1 Zte | 4 Zxhn H108n, Zxhn H108n Firmware, Zxhn H168n and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1 | |||||
| CVE-2021-21740 | 1 Zte | 2 Zxhn H2640, Zxhn H2640 Firmware | 2024-02-04 | 2.1 LOW | 2.4 LOW |
| There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak. | |||||
| CVE-2021-21736 | 1 Zte | 2 Zxhn Hs562, Zxhn Hs562 Firmware | 2024-02-04 | 8.0 HIGH | 7.2 HIGH |
| A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E | |||||
| CVE-2021-21735 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. | |||||
| CVE-2021-21734 | 1 Zte | 16 Zxa10 F809, Zxa10 F809 Firmware, Zxa10 F819 and 13 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01 | |||||
| CVE-2021-21730 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6 | |||||
| CVE-2021-21731 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-02-04 | 5.8 MEDIUM | 8.1 HIGH |
| A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04 | |||||
| CVE-2021-21733 | 1 Zte | 1 Zxcdn | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02. | |||||
| CVE-2021-21737 | 1 Zte | 2 Zxv10 B860h V5.0, Zxv10 B860h V5.0 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016 | |||||
| CVE-2020-6877 | 1 Zte | 2 Zxa10 Eodn, Zxa10 Eodn Firmware | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
| A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1 | |||||
| CVE-2021-21724 | 1 Zte | 2 Zxr10 8900e, Zxr10 8900e Firmware | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1. | |||||
| CVE-2021-21726 | 1 Zte | 6 Zxone 19700, Zxone 19700 Firmware, Zxone 8700 and 3 more | 2024-02-04 | 2.1 LOW | 2.3 LOW |
| Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set> | |||||
| CVE-2020-6879 | 1 Zte | 4 Zxhn F670l, Zxhn F670l Firmware, Zxhn Z500 and 1 more | 2024-02-04 | 2.7 LOW | 3.5 LOW |
| Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2. | |||||
| CVE-2021-21723 | 1 Zte | 10 Zxr10 9904, Zxr10 9904-s, Zxr10 9904-s Firmware and 7 more | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12. | |||||
| CVE-2021-21722 | 1 Zte | 2 Zxv10 B860a, Zxv10 B860a Firmware | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom. | |||||
| CVE-2021-21725 | 1 Zte | 2 Zxhn H196q, Zxhn H196q Firmware | 2024-02-04 | 2.7 LOW | 5.7 MEDIUM |
| A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2. | |||||
| CVE-2020-6880 | 1 Zte | 2 Zxv10 W908, Zxv10 W908 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20. | |||||
| CVE-2020-6875 | 1 Zte | 2 Zxone 19700 Snpe, Zxone 19700 Snpe Firmware | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE> | |||||
| CVE-2020-6876 | 1 Zte | 1 Evdc | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04 | |||||
| CVE-2020-6882 | 1 Zte | 6 Zxhn E8810, Zxhn E8810 Firmware, Zxhn E8820 and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13> | |||||