| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Privilege Management vulnerability in ZTE ElasticNet UME R32 on Linux allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ElasticNet UME R32: ElasticNet_UME_R32_V16.23.20.04. |
| There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface |
| The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checking its length. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. |
| The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. |
| The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability. |
| The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using the function dofile without any validation if it is a valid session file or not. An attacker who is able to write a malicious file in the sessions directory can get RCE as root. |
| A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, resulting in key exposure and impacting communication security. |
| ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices. |
| ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges. |
| Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. |
| There is an an information disclosure vulnerability in ZTE T5400. Due to improper configuration of the access control mechanism, attackers can obtain information through interfaces without authorization, causing the risk of information disclosure. |
| There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory. |
| There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.
|
|
Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro
|
|
There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered.
|
| There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. |
|
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.
|
| There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. |
| There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. |
| There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content. |
