ZTE : Security Vulnerabilities
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Max Base Score | 8.8 |
Published | 2023-08-25 |
Updated | 2023-08-31 |
EPSS | 0.15% |
There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.
Max Base Score | 4.7 |
Published | 2023-08-17 |
Updated | 2023-08-24 |
EPSS | 0.04% |
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.
Max Base Score | 7.7 |
Published | 2023-06-16 |
Updated | 2023-06-26 |
EPSS | 0.05% |
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.
Max Base Score | 7.5 |
Published | 2022-12-12 |
Updated | 2022-12-15 |
EPSS | 0.05% |
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission.
Max Base Score | 7.1 |
Published | 2023-05-30 |
Updated | 2023-06-07 |
EPSS | 0.05% |
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.
Max Base Score | 3.3 |
Published | 2023-05-30 |
Updated | 2023-06-07 |
EPSS | 0.04% |
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
Max Base Score | 9.8 |
Published | 2023-01-06 |
Updated | 2023-01-12 |
EPSS | 0.07% |
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
Max Base Score | 5.4 |
Published | 2023-01-06 |
Updated | 2023-01-12 |
EPSS | 0.05% |
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.
Max Base Score | 7.1 |
Published | 2023-05-30 |
Updated | 2023-06-07 |
EPSS | 0.05% |
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
Max Base Score | 9.8 |
Published | 2022-11-22 |
Updated | 2022-11-28 |
EPSS | 0.14% |
There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content.
Max Base Score | 5.3 |
Published | 2022-11-08 |
Updated | 2022-11-09 |
EPSS | 0.05% |
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.
Max Base Score | 6.5 |
Published | 2022-11-22 |
Updated | 2022-11-30 |
EPSS | 0.04% |
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
Max Base Score | 8.8 |
Published | 2022-11-22 |
Updated | 2022-11-30 |
EPSS | 0.05% |
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
Max Base Score | 9.1 |
Published | 2022-09-23 |
Updated | 2022-09-26 |
EPSS | 0.06% |
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.
Max Base Score | 6.5 |
Published | 2022-12-05 |
Updated | 2023-01-23 |
EPSS | 0.05% |
ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible.
Max Base Score | 5.3 |
Published | 2022-07-18 |
Updated | 2022-07-23 |
EPSS | 0.07% |
ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.
Max Base Score | 7.5 |
Published | 2022-07-15 |
Updated | 2022-07-22 |
EPSS | 0.14% |
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
Max Base Score | 8.8 |
Published | 2022-05-12 |
Updated | 2022-05-23 |
EPSS | 0.07% |
ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack.
Max Base Score | 7.5 |
Published | 2022-06-09 |
Updated | 2022-06-15 |
EPSS | 0.14% |
ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered.
Max Base Score | 6.1 |
Published | 2022-05-11 |
Updated | 2022-05-19 |
EPSS | 0.06% |
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
Max Base Score | 5.4 |
Published | 2022-03-30 |
Updated | 2022-04-07 |
EPSS | 0.05% |
There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation.
Max Base Score | 6.5 |
Published | 2022-02-24 |
Updated | 2022-03-08 |
EPSS | 0.09% |
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.
Max Base Score | 8.1 |
Published | 2021-12-27 |
Updated | 2022-01-12 |
EPSS | 0.11% |
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.
Max Base Score | 7.8 |
Published | 2021-12-27 |
Updated | 2022-01-12 |
EPSS | 0.04% |
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
Max Base Score | 9.8 |
Published | 2021-10-20 |
Updated | 2021-10-25 |
EPSS | 0.29% |