Filtered by vendor Zte
Subscriptions
Total
156 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-6863 | 1 Zte | 2 E8820v3, E8820v3 Firmware | 2024-08-04 | 6.5 Medium |
ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL. | ||||
CVE-2020-6875 | 1 Zte | 2 Zxone 19700 Snpe, Zxone 19700 Snpe Firmware | 2024-08-04 | 9.8 Critical |
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE> | ||||
CVE-2020-6876 | 1 Zte | 1 Evdc | 2024-08-04 | 5.4 Medium |
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04 | ||||
CVE-2020-6864 | 1 Zte | 2 E8820v3, E8820v3 Firmware | 2024-08-04 | 6.5 Medium |
ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router. | ||||
CVE-2020-6879 | 1 Zte | 4 Zxhn F670l, Zxhn F670l Firmware, Zxhn Z500 and 1 more | 2024-08-04 | 3.5 Low |
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2. | ||||
CVE-2020-6871 | 1 Zte | 6 R5300g4, R5300g4 Firmware, R5500g4 and 3 more | 2024-08-04 | 9.8 Critical |
The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100> | ||||
CVE-2020-6873 | 1 Zte | 2 Zxr10 2800-4 Almpufb\(low\), Zxr10 2800-4 Almpufb\(low\) Firmware | 2024-08-04 | 5.3 Medium |
A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cause the equipment WEB/TELNET module denial of service and make the equipment be out of management. This affects: ZXR10 2800-4_ALMPUFB(LOW), all versions up to V3.00.40. | ||||
CVE-2020-6874 | 1 Zte | 2 Zxiptv, Zxiptv Firmware | 2024-08-04 | 9.1 Critical |
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04. | ||||
CVE-2020-6880 | 1 Zte | 2 Zxv10 W908, Zxv10 W908 Firmware | 2024-08-04 | 9.8 Critical |
A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20. | ||||
CVE-2020-6866 | 1 Zte | 2 Zxctn 6500, Zxctn 6500 Firmware | 2024-08-04 | 4.9 Medium |
A ZTE product is impacted by a resource management error vulnerability. An attacker could exploit this vulnerability to cause a denial of service by issuing a specific command. This affects: ZXCTN 6500 version V2.10.00R3B87. | ||||
CVE-2020-6870 | 1 Zte | 2 Netnumen U31 R10, Netnumen U31 R10 Firmware | 2024-08-04 | 8.0 High |
The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115 | ||||
CVE-2020-6868 | 1 Zte | 2 F680, F680 Firmware | 2024-08-04 | 6.5 Medium |
There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6 | ||||
CVE-2020-6862 | 1 Zte | 2 F6x2w, F6x2w Firmware | 2024-08-04 | 5.3 Medium |
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code. | ||||
CVE-2020-6867 | 1 Zte | 1 Zenic One R22b | 2024-08-04 | 5.5 Medium |
ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005. | ||||
CVE-2020-6869 | 1 Zte | 1 Ztemarket Apk | 2024-08-04 | 8.1 High |
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation. | ||||
CVE-2021-21725 | 1 Zte | 2 Zxhn H196q, Zxhn H196q Firmware | 2024-08-03 | 5.7 Medium |
A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2. | ||||
CVE-2021-21733 | 1 Zte | 1 Zxcdn | 2024-08-03 | 4.9 Medium |
The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02. | ||||
CVE-2021-21730 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-08-03 | 9.8 Critical |
A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6 | ||||
CVE-2021-21749 | 1 Zte | 2 Mf971r, Mf971r Firmware | 2024-08-03 | 9.8 Critical |
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code. | ||||
CVE-2021-21750 | 1 Zte | 1 Zxin10 Cms | 2024-08-03 | 7.8 High |
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access. |