ZTE : Security Vulnerabilities

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	# of Exploits	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2021-21751	20			2021-12-27	2022-01-12	5.5	None	Remote	Low	???	None	Partial	Partial
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.
2	CVE-2021-21750	269		+Priv	2021-12-27	2022-01-12	4.6	None	Local	Low	Not required	Partial	Partial	Partial
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.
3	CVE-2021-21742			+Info	2021-09-25	2021-09-30	4.3	None	Remote	Medium	Not required	Partial	None	None
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
4	CVE-2021-21733	200		+Info	2021-05-19	2021-05-28	4.0	None	Remote	Low	???	Partial	None	None
The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02.
5	CVE-2020-12695	276			2020-06-08	2021-04-23	7.8	None	Remote	Medium	Not required	Partial	None	Complete
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
6	CVE-2020-6876	79		XSS	2020-10-26	2020-10-30	3.5	None	Remote	Medium	???	None	Partial	None
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04
7	CVE-2020-6869	200		+Info	2020-06-17	2021-07-21	5.5	None	Remote	Low	???	Partial	Partial	None
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation.
8	CVE-2020-6867	400		Overflow	2020-04-30	2020-05-06	2.1	None	Local	Low	Not required	None	None	Partial
ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005.
9	CVE-2020-6865	200		+Info	2020-04-30	2020-05-05	4.0	None	Remote	Low	???	Partial	None	None
ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20.
10	CVE-2019-3431	522			2019-12-23	2021-07-21	5.0	None	Remote	Low	Not required	Partial	None	None
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access.
11	CVE-2019-3430	200		+Info	2019-12-23	2021-07-21	4.0	None	Remote	Low	???	Partial	None	None
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system.
12	CVE-2019-3429	532		+Info	2019-12-23	2019-12-30	5.0	None	Remote	Low	Not required	Partial	None	None
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information.
13	CVE-2018-7365	426			2018-12-20	2019-10-09	6.5	None	Remote	Low	???	Partial	Partial	Partial
All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.
14	CVE-2018-7364	284		Exec Code	2018-12-07	2019-10-09	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
15	CVE-2014-9184	287		Bypass	2014-12-02	2014-12-03	5.0	None	Remote	Low	Not required	None	Partial	None
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.
16	CVE-2014-9183	255		+Priv	2014-12-02	2014-12-03	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.
17	CVE-2014-9020	79		XSS	2014-11-20	2018-10-09	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases.
18	CVE-2014-9019	352		XSS CSRF	2014-11-20	2018-10-09	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi.
19	CVE-2014-2321	264			2014-03-11	2014-03-11	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
20	CVE-2014-0329	255			2014-02-04	2017-08-29	9.3	None	Remote	Medium	Not required	Complete	Complete	Complete
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
21	CVE-2012-4746	352	1	CSRF	2012-08-31	2012-09-03	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.

Total number of vulnerabilities : 21 Page : 1 (This Page)