Filtered by vendor Zte
Subscribe
Total
132 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6870 | 1 Zte | 2 Netnumen U31 R10, Netnumen U31 R10 Firmware | 2020-07-06 | 5.2 MEDIUM | 8.0 HIGH |
| The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115 | |||||
| CVE-2020-6865 | 1 Zte | 1 Oscp | 2020-05-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20. | |||||
| CVE-2014-4019 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2020-02-27 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. | |||||
| CVE-2019-3429 | 1 Zte | 1 Zxcloud Goldendata Vap | 2019-12-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information. | |||||
| CVE-2019-3426 | 1 Zte | 2 Zxupn-9000e, Zxupn-9000e Firmware | 2019-11-14 | 7.5 HIGH | 8.8 HIGH |
| The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations. | |||||
| CVE-2019-3410 | 1 Zte | 2 Wf820\+ Lte Outdoor Cpe, Wf820\+ Lte Outdoor Cpe Firmware | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted users. An attacker can exploit this vulnerability to send unexpected requests to the server through the affected client. | |||||
| CVE-2019-3416 | 1 Zte | 2 Zxv10 B860a, Zxv10 B860a Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system. | |||||
| CVE-2019-3413 | 1 Zte | 2 Netnumen Dap, Netnumen Dap Firmware | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked. | |||||
| CVE-2018-7365 | 1 Zte | 2 Usmartview, Zxcloud Irai | 2019-10-09 | 6.5 MEDIUM | 7.2 HIGH |
| All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations. | |||||
| CVE-2018-7366 | 1 Zte | 2 Zxv10 B860av2.1 Chinamobile, Zxv10 B860av2.1 Chinamobile Firmware | 2019-10-09 | 4.6 MEDIUM | 6.8 MEDIUM |
| ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations. | |||||
| CVE-2018-7363 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2019-10-09 | 3.3 LOW | 8.8 HIGH |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials. | |||||
| CVE-2018-7362 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router. | |||||
| CVE-2018-7361 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service. | |||||
| CVE-2018-7360 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service. | |||||
| CVE-2018-7358 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2019-10-09 | 5.8 MEDIUM | 8.8 HIGH |
| ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. | |||||
| CVE-2018-7357 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2019-10-09 | 3.3 LOW | 8.8 HIGH |
| ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. | |||||
| CVE-2018-7356 | 1 Zte | 2 Zxr10 8905e, Zxr10 8905e Firmware | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections. | |||||
| CVE-2017-3216 | 5 Greenpacket, Huawei, Mada and 2 more | 28 Ox350, Ox350 Firmware, Bm2022 and 25 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. | |||||
| CVE-2017-10935 | 1 Zte | 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware | 2019-10-02 | 4.0 MEDIUM | 7.2 HIGH |
| All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password. | |||||
| CVE-2017-10930 | 1 Zte | 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. | |||||