Filtered by vendor Zte Subscriptions
Total 161 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-10933 1 Zte 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware 2024-09-16 N/A
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.
CVE-2017-10932 1 Zte 12 Nr8000tr, Nr8000tr Firmware, Nr8120 and 9 more 2024-09-16 N/A
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.
CVE-2017-10935 1 Zte 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware 2024-09-16 N/A
All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password.
CVE-2014-2321 1 Zte 2 F460, F660 2024-09-16 N/A
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
CVE-2017-10930 1 Zte 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware 2024-09-16 N/A
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
CVE-2023-41780 1 Zte 2 Zxcloud Irai, Zxcloud Irai Firmware 2024-09-06 6.4 Medium
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the  program  failed to adequately validate the user's input, an attacker could exploit this vulnerability  to escalate local privileges.
CVE-2023-25643 1 Zte 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more 2024-08-28 8.4 High
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
CVE-2023-41779 1 Zte 2 Zxcloud Irai, Zxcloud Irai Firmware 2024-08-26 4.4 Medium
There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.
CVE-2024-22069 1 Zte 4 Zxv10 Et301, Zxv10 Et301 Firmware, Zxv10 Xt802 and 1 more 2024-08-20 7.1 High
There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.
CVE-2014-9020 1 Zte 2 Zxdsl 831, Zxdsl 831cii 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases.
CVE-2014-9019 1 Zte 1 Zxdsl 2024-08-06 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi.
CVE-2014-8493 1 Zte 2 Zxhn H108l, Zxhn H108l Firmware 2024-08-06 N/A
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
CVE-2014-4154 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-08-06 N/A
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
CVE-2014-4155 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-08-06 N/A
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
CVE-2014-4018 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-08-06 N/A
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4019 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-08-06 7.5 High
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
CVE-2014-0329 1 Zte 1 Zxv10 W300 2024-08-06 N/A
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
CVE-2015-8703 1 Zte 4 Zxhn H108n R1a, Zxhn H108n R1a Firmware, Zxv10 W300 and 1 more 2024-08-06 N/A
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
CVE-2015-7258 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-08-06 N/A
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
CVE-2015-7259 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-08-06 N/A
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.