Search
Search Results (190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7355 | 1 Zte | 4 Mf65, Mf65 Firmware, Mf65m1 and 1 more | 2024-11-21 | N/A |
| All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices. | ||||
| CVE-2017-10937 | 1 Zte | 2 Zxiptv-ucm, Zxiptv-ucm Firmware | 2024-11-21 | N/A |
| SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information. | ||||
| CVE-2017-10936 | 1 Zte | 2 Zxcdn-sns, Zxcdn-sns Firmware | 2024-11-21 | N/A |
| SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information. | ||||
| CVE-2017-10935 | 1 Zte | 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware | 2024-11-21 | N/A |
| All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password. | ||||
| CVE-2017-10934 | 1 Zte | 2 Zxiptv-epg, Zxiptv-epg Firmware | 2024-11-21 | N/A |
| All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. | ||||
| CVE-2014-4019 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2024-11-21 | 7.5 High |
| ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. | ||||
| CVE-2024-22066 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2024-11-08 | 7.5 High |
| There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device. | ||||
| CVE-2024-10119 | 2 Secom, Zte | 3 Wrtm326 Firmware, Wrtm326, Wrtm326 Firmware | 2024-11-01 | 9.8 Critical |
| The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests. | ||||
| CVE-2022-39068 | 1 Zte | 2 Mf296r, Mf296r Firmware | 2024-09-29 | 4.5 Medium |
| There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack. | ||||
| CVE-2024-22069 | 1 Zte | 4 Zxv10 Et301, Zxv10 Et301 Firmware, Zxv10 Xt802 and 1 more | 2024-08-20 | 7.1 High |
| There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords. | ||||