Filtered by vendor Zte
Subscriptions
Total
171 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3409 | 1 Zte | 2 Wf820\+ Lte Outdoor Cpe, Wf820\+ Lte Outdoor Cpe Firmware | 2024-11-21 | N/A |
| All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Due to inadequate parameter verification, unauthorized users can take advantage of this vulnerability to control the user terminal system. | ||||
| CVE-2018-7366 | 1 Zte | 2 Zxv10 B860av2.1 Chinamobile, Zxv10 B860av2.1 Chinamobile Firmware | 2024-11-21 | N/A |
| ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations. | ||||
| CVE-2018-7365 | 1 Zte | 2 Usmartview, Zxcloud Irai | 2024-11-21 | N/A |
| All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations. | ||||
| CVE-2018-7364 | 1 Zte | 1 Zxin10 | 2024-11-21 | 9.8 Critical |
| All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges. | ||||
| CVE-2018-7363 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-11-21 | N/A |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials. | ||||
| CVE-2018-7362 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-11-21 | N/A |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router. | ||||
| CVE-2018-7361 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-11-21 | N/A |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service. | ||||
| CVE-2018-7360 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-11-21 | N/A |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service. | ||||
| CVE-2018-7359 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-11-21 | N/A |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2018-7358 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-11-21 | N/A |
| ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. | ||||
| CVE-2018-7357 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-11-21 | N/A |
| ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. | ||||
| CVE-2018-7356 | 1 Zte | 2 Zxr10 8905e, Zxr10 8905e Firmware | 2024-11-21 | N/A |
| All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections. | ||||
| CVE-2018-7355 | 1 Zte | 4 Mf65, Mf65 Firmware, Mf65m1 and 1 more | 2024-11-21 | N/A |
| All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices. | ||||
| CVE-2017-3216 | 5 Greenpacket, Huawei, Mada and 2 more | 28 Ox350, Ox350 Firmware, Bm2022 and 25 more | 2024-11-21 | N/A |
| WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. | ||||
| CVE-2017-16953 | 1 Zte | 2 Zxdsl 831cii, Zxdsl 831cii Firmware | 2024-11-21 | N/A |
| connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. | ||||
| CVE-2017-10937 | 1 Zte | 2 Zxiptv-ucm, Zxiptv-ucm Firmware | 2024-11-21 | N/A |
| SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information. | ||||
| CVE-2017-10936 | 1 Zte | 2 Zxcdn-sns, Zxcdn-sns Firmware | 2024-11-21 | N/A |
| SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information. | ||||
| CVE-2017-10935 | 1 Zte | 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware | 2024-11-21 | N/A |
| All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password. | ||||
| CVE-2017-10934 | 1 Zte | 2 Zxiptv-epg, Zxiptv-epg Firmware | 2024-11-21 | N/A |
| All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. | ||||
| CVE-2017-10933 | 1 Zte | 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware | 2024-11-21 | N/A |
| All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. | ||||