There is a command injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
Max CVSS: 9.8 | EPSS Score: 0.10% | Published: 2023-01-06 | Updated: 2023-01-12
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
Max CVSS: 9.8 | EPSS Score: 0.32% | Published: 2022-11-22 | Updated: 2022-11-28
There is a broken access control vulnerability in the ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of the system.
Max CVSS: 9.1 | EPSS Score: 0.10% | Published: 2022-09-23 | Updated: 2022-09-26
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
Max CVSS: 9.8 | EPSS Score: 0.29% | Published: 2021-10-20 | Updated: 2021-10-25
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
Max CVSS: 9.8 | EPSS Score: 0.29% | Published: 2021-10-20 | Updated: 2021-10-25
There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending a specific serialization command.
Max CVSS: 9.8 | EPSS Score: 0.80% | Published: 2021-08-30 | Updated: 2023-06-05
A ZTE product is impacted by an improper access control vulnerability. The attacker could exploit this vulnerability to access the CLI by brute-force attacks. This affects: ZXHN H168N V3.5.0_TY.T6
Max CVSS: 9.8 | EPSS Score: 0.26% | Published: 2021-04-13 | Updated: 2022-07-12
A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. Because the device does not properly filter parameters, an attacker who sends malicious SQL statements can, on successful exploitation, obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.
Max CVSS: 9.8 | EPSS Score: 0.12% | Published: 2020-12-01 | Updated: 2020-12-04
A ZTE product is impacted by an improper access control vulnerability. Due to the lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access rights through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE>
Max CVSS: 9.8 | EPSS Score: 0.26% | Published: 2020-10-05 | Updated: 2021-07-21
A ZTE product is impacted by a cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attacks or brute-force password-guessing attacks. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04.
Max CVSS: 9.1 | EPSS Score: 0.28% | Published: 2020-09-01 | Updated: 2021-07-21
The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>
Max CVSS: 9.8 | EPSS Score: 0.31% | Published: 2020-07-20 | Updated: 2020-07-24
All versions up to V4.01.01.02 of the ZTE ZXCLOUD GoldenData VAP product have an encryption problems vulnerability. Attackers could sniff the unencrypted account and password over the network for front-end system access.
Max CVSS: 9.8 | EPSS Score: 0.15% | Published: 2019-12-23 | Updated: 2021-07-21
All versions up to V1.1.10P3T18 of the ZTE ZXHN F670 product are impacted by a command injection vulnerability. Due to an insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of the user's router system.
Max CVSS: 9.0 | EPSS Score: 0.11% | Published: 2019-08-15 | Updated: 2023-03-03
All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by an input validation vulnerability. Because of this input validation flaw, unauthorized users can take advantage of this vulnerability to control the user terminal system.
Max CVSS: 10.0 | EPSS Score: 0.22% | Published: 2019-09-23 | Updated: 2019-10-09
All versions up to BD_R218V2.4 of the ZTE MF920 product are impacted by a command execution vulnerability. Because some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces.
Max CVSS: 9.8 | EPSS Score: 0.37% | Published: 2019-06-11 | Updated: 2020-08-24
All versions up to UKBB_WF820+_1.0.0B06 of the ZTE WF820+ LTE Outdoor CPE product are impacted by a command injection vulnerability. Due to inadequate parameter verification, unauthorized users can take advantage of this vulnerability to control the user terminal system.
Max CVSS: 9.0 | EPSS Score: 0.16% | Published: 2019-06-11 | Updated: 2020-08-24
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by an improper access control vulnerability. Due to improper access control to the devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
Max CVSS: 10.0 | EPSS Score: 1.79% | Published: 2018-12-07 | Updated: 2023-03-01
All versions up to V1.1.10P3T18 of the ZTE ZXHN F670 product are impacted by an improper access control vulnerability, which may allow an unauthorized user to perform unauthorized operations on the router.
Max CVSS: 9.0 | EPSS Score: 0.10% | Published: 2018-11-16 | Updated: 2019-10-09
All versions up to V1.1.10P3T18 of the ZTE ZXHN F670 product are impacted by an information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via the appviahttp service.
Max CVSS: 9.6 | EPSS Score: 0.12% | Published: 2018-11-16 | Updated: 2019-10-09
All versions up to V1.1.10P3T18 of the ZTE ZXHN F670 product are impacted by a heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.
Max CVSS: 9.8 | EPSS Score: 0.45% | Published: 2018-11-16 | Updated: 2020-08-24
All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.
Max CVSS: 9.8 | EPSS Score: 0.51% | Published: 2018-07-25 | Updated: 2018-10-02
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products (NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950) are C/S architecture applications using the Java RMI service, in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.
Max CVSS: 10.0 | EPSS Score: 0.51% | Published: 2017-09-28 | Updated: 2017-10-11
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
Max CVSS: 9.8 | EPSS Score: 0.22% | Published: 2017-09-19 | Updated: 2019-10-03
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
Max CVSS: 10.0 | EPSS Score: 0.75% | Published: 2017-06-20 | Updated: 2019-10-09
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to log in to a target account via any of its username and password pairs.
Max CVSS: 9.0 | EPSS Score: 0.28% | Published: 2017-08-24 | Updated: 2017-08-29
31 vulnerabilities found