| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-3418 |
79 |
|
XSS |
2019-08-15 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts. |
|
2 |
CVE-2019-3417 |
77 |
|
|
2019-08-15 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system. |
|
3 |
CVE-2019-3416 |
20 |
|
|
2019-09-23 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system. |
|
4 |
CVE-2019-3415 |
22 |
|
Dir. Trav. |
2019-07-11 |
2019-07-17 |
2.7 |
None |
Local Network |
Low |
Single system |
Partial |
None |
None |
|
ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal,users can download any files. |
|
5 |
CVE-2019-3414 |
79 |
|
Exec Code XSS +Info |
2019-07-22 |
2019-07-25 |
2.3 |
None |
Local Network |
Medium |
Single system |
None |
Partial |
None |
|
All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front end does not process the returned result from the interface properly, the malicious script may be executed and the user cookie or other important information may be stolen. |
|
6 |
CVE-2019-3413 |
79 |
|
XSS |
2019-06-11 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked. |
|
7 |
CVE-2018-7365 |
426 |
|
|
2018-12-20 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations. |
|
8 |
CVE-2018-7364 |
284 |
|
Exec Code |
2018-12-07 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges. |
|
9 |
CVE-2018-7361 |
476 |
|
DoS |
2018-11-16 |
2019-10-09 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service. |
|
10 |
CVE-2018-7359 |
119 |
|
Exec Code Overflow |
2018-11-16 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. |
|
11 |
CVE-2018-7358 |
287 |
|
|
2018-11-14 |
2019-10-09 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. |
|
12 |
CVE-2018-7357 |
306 |
|
|
2018-11-14 |
2019-10-09 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. |
|
13 |
CVE-2018-7356 |
294 |
|
|
2018-11-01 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections. |
|
14 |
CVE-2018-7355 |
79 |
|
XSS |
2018-09-26 |
2019-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices. |
|
15 |
CVE-2017-16953 |
287 |
|
|
2017-12-01 |
2017-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. |
|
16 |
CVE-2017-10933 |
22 |
|
Dir. Trav. |
2017-10-19 |
2017-11-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. |
|
17 |
CVE-2017-10932 |
502 |
|
Exec Code |
2017-09-27 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. |
|
18 |
CVE-2017-10931 |
22 |
|
Dir. Trav. +Info |
2017-09-19 |
2017-09-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. |
|
19 |
CVE-2017-10930 |
552 |
|
|
2017-09-19 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. |
|
20 |
CVE-2017-3216 |
306 |
|
Bypass |
2017-06-19 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. |
|
21 |
CVE-2015-8703 |
200 |
|
Bypass +Info |
2015-12-30 |
2016-11-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248. |
|
22 |
CVE-2015-7259 |
255 |
|
|
2017-08-24 |
2017-08-29 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. |
|
23 |
CVE-2015-7258 |
255 |
|
+Info |
2017-08-24 |
2017-08-30 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. |
|
24 |
CVE-2015-7257 |
640 |
|
|
2017-08-24 |
2017-08-29 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". |
|
25 |
CVE-2015-7255 |
200 |
|
+Info |
2017-08-29 |
2017-09-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. |
|
26 |
CVE-2015-7252 |
79 |
|
XSS |
2015-12-30 |
2017-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter. |
|
27 |
CVE-2015-7251 |
255 |
|
|
2015-12-30 |
2017-09-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. |
|
28 |
CVE-2015-7250 |
22 |
|
Dir. Trav. |
2015-12-30 |
2017-09-12 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. |
|
29 |
CVE-2015-7249 |
264 |
|
Bypass |
2015-12-30 |
2017-09-12 |
6.8 |
None |
Remote |
Low |
Single system |
None |
Complete |
None |
|
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action. |
|
30 |
CVE-2015-7248 |
200 |
|
+Info |
2015-12-30 |
2017-09-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703. |
|
31 |
CVE-2014-9184 |
287 |
|
Bypass |
2014-12-02 |
2014-12-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. |
|
32 |
CVE-2014-9183 |
255 |
|
+Priv |
2014-12-02 |
2014-12-03 |
10.0 |
User |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. |
|
33 |
CVE-2014-9020 |
79 |
|
XSS |
2014-11-20 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases. |
|
34 |
CVE-2014-9019 |
352 |
|
XSS CSRF |
2014-11-20 |
2018-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi. |
|
35 |
CVE-2014-8493 |
264 |
2
|
|
2014-11-20 |
2017-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. |
|
36 |
CVE-2014-4155 |
352 |
1
|
CSRF |
2014-06-19 |
2014-07-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1. |
|
37 |
CVE-2014-4154 |
264 |
1
|
+Info |
2014-07-16 |
2014-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js. |
|
38 |
CVE-2014-4018 |
255 |
1
|
|
2014-07-16 |
2014-07-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
Complete |
None |
|
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. |
|
39 |
CVE-2014-2321 |
264 |
|
|
2014-03-11 |
2014-03-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. |
|
40 |
CVE-2014-0329 |
255 |
|
|
2014-02-04 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password. |
|
41 |
CVE-2012-4746 |
352 |
1
|
CSRF |
2012-08-31 |
2012-09-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. |
|
42 |
CVE-2012-2949 |
264 |
|
+Priv |
2012-05-29 |
2012-05-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application. |
