Filtered by vendor Zte
Subscriptions
Total
151 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23144 | 1 Zte | 30 Zxa10 B700v7, Zxa10 B700v7 Firmware, Zxa10 B710c-a12 and 27 more | 2023-08-08 | 9.1 Critical |
| There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. | ||||
| CVE-2023-25645 | 1 Zte | 10 Up T2 4k, Up T2 4k Firmware, Zxv10 B860h V5d0 and 7 more | 2023-06-26 | 7.7 High |
| There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation. | ||||
| CVE-2022-39075 | 1 Zte | 34 Axon 40 Ultra, Axon 40 Ultra Firmware, Blade A31 and 31 more | 2023-06-07 | 7.1 High |
| There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission. | ||||
| CVE-2022-39074 | 1 Zte | 34 Axon 40 Ultra, Axon 40 Ultra Firmware, Blade A31 and 31 more | 2023-06-07 | 3.3 Low |
| There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission. | ||||
| CVE-2022-39071 | 1 Zte | 34 Axon 40 Ultra, Axon 40 Ultra Firmware, Blade A31 and 31 more | 2023-06-07 | 7.1 High |
| There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission. | ||||
| CVE-2021-21741 | 1 Zte | 2 Zxv10 M910, Zxv10 M910 Firmware | 2023-06-05 | 9.8 Critical |
| There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command. | ||||
| CVE-2019-3417 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2023-03-03 | 8.8 High |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system. | ||||
| CVE-2019-3418 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2023-03-02 | 5.4 Medium |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts. | ||||
| CVE-2018-7364 | 1 Zte | 1 Zxin10 | 2023-03-01 | 9.8 Critical |
| All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges. | ||||
| CVE-2022-23143 | 1 Zte | 2 Otcp, Otcp Firmware | 2023-01-23 | 6.5 Medium |
| ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files. | ||||
| CVE-2022-39073 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2023-01-12 | 9.8 Critical |
| There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | ||||
| CVE-2022-45957 | 1 Zte | 2 Zxhn-h108ns, Zxhn-h108ns Firmware | 2022-12-15 | 7.5 High |
| ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow. | ||||
| CVE-2022-39067 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2022-11-30 | 6.5 Medium |
| There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. | ||||
| CVE-2022-39066 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2022-11-30 | 8.8 High |
| There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection. | ||||
| CVE-2022-39070 | 1 Zte | 4 Zxa10 C300m, Zxa10 C300m Firmware, Zxa10 C350m and 1 more | 2022-11-28 | 9.8 Critical |
| There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. | ||||
| CVE-2022-39069 | 1 Zte | 1 Zaip-aie | 2022-11-09 | 5.3 Medium |
| There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content. | ||||
| CVE-2014-2321 | 1 Zte | 2 F460, F660 | 2022-10-03 | N/A |
| web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. | ||||
| CVE-2014-9184 | 1 Zte | 1 Zxdsl | 2022-10-03 | N/A |
| ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. | ||||
| CVE-2014-9183 | 1 Zte | 1 Zxdsl | 2022-10-03 | N/A |
| ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. | ||||
| CVE-2012-4746 | 1 Zte | 1 Zxdsl | 2022-10-03 | N/A |
| Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. | ||||