Filtered by vendor Zte
Subscriptions
Total
156 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21741 | 1 Zte | 2 Zxv10 M910, Zxv10 M910 Firmware | 2024-08-03 | 9.8 Critical |
| There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command. | ||||
| CVE-2021-21722 | 1 Zte | 2 Zxv10 B860a, Zxv10 B860a Firmware | 2024-08-03 | 4.4 Medium |
| A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom. | ||||
| CVE-2021-21726 | 1 Zte | 6 Zxone 19700, Zxone 19700 Firmware, Zxone 8700 and 3 more | 2024-08-03 | 2.3 Low |
| Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set> | ||||
| CVE-2021-21731 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-08-03 | 8.1 High |
| A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04 | ||||
| CVE-2021-21735 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-08-03 | 6.5 Medium |
| A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. | ||||
| CVE-2022-45957 | 1 Zte | 2 Zxhn-h108ns, Zxhn-h108ns Firmware | 2024-08-03 | 7.5 High |
| ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow. | ||||
| CVE-2022-39067 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2024-08-03 | 6.5 Medium |
| There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. | ||||
| CVE-2022-39075 | 1 Zte | 34 Axon 40 Ultra, Axon 40 Ultra Firmware, Blade A31 and 31 more | 2024-08-03 | 7.1 High |
| There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission. | ||||
| CVE-2022-39074 | 1 Zte | 34 Axon 40 Ultra, Axon 40 Ultra Firmware, Blade A31 and 31 more | 2024-08-03 | 3.3 Low |
| There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission. | ||||
| CVE-2022-39066 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2024-08-03 | 8.8 High |
| There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection. | ||||
| CVE-2022-39071 | 1 Zte | 34 Axon 40 Ultra, Axon 40 Ultra Firmware, Blade A31 and 31 more | 2024-08-03 | 7.1 High |
| There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission. | ||||
| CVE-2022-39069 | 1 Zte | 1 Zaip-aie | 2024-08-03 | 5.3 Medium |
| There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content. | ||||
| CVE-2022-39070 | 1 Zte | 4 Zxa10 C300m, Zxa10 C300m Firmware, Zxa10 C350m and 1 more | 2024-08-03 | 9.8 Critical |
| There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. | ||||
| CVE-2022-39073 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2024-08-03 | 9.8 Critical |
| There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | ||||
| CVE-2022-39072 | 1 Zte | 4 Mf286r, Mf286r Firmware, Mf289d and 1 more | 2024-08-03 | 5.4 Medium |
| There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks. | ||||
| CVE-2022-23144 | 1 Zte | 30 Zxa10 B700v7, Zxa10 B700v7 Firmware, Zxa10 B710c-a12 and 27 more | 2024-08-03 | 9.1 Critical |
| There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. | ||||
| CVE-2022-23143 | 1 Zte | 2 Otcp, Otcp Firmware | 2024-08-03 | 6.5 Medium |
| ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files. | ||||
| CVE-2022-23138 | 1 Zte | 2 Mf297d, Mf297d Firmware | 2024-08-03 | 7.5 High |
| ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack. | ||||
| CVE-2022-23142 | 1 Zte | 2 Zxen Cg200, Zxen Cg200 Firmware | 2024-08-03 | 5.3 Medium |
| ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible. | ||||
| CVE-2022-23139 | 1 Zte | 2 Zxmp M721, Zxmp M721 Firmware | 2024-08-03 | 8.8 High |
| ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files. | ||||