Filtered by vendor Zte
Subscribe
Total
167 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39070 | 1 Zte | 4 Zxa10 C300m, Zxa10 C300m Firmware, Zxa10 C350m and 1 more | 2025-04-29 | N/A | 9.8 CRITICAL |
| There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. | |||||
| CVE-2022-39067 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2025-04-29 | N/A | 6.5 MEDIUM |
| There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. | |||||
| CVE-2022-39066 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2025-04-29 | N/A | 8.8 HIGH |
| There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection. | |||||
| CVE-2022-23143 | 1 Zte | 2 Otcp, Otcp Firmware | 2025-04-23 | N/A | 6.5 MEDIUM |
| ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files. | |||||
| CVE-2022-45957 | 1 Zte | 2 Zxhn-h108ns, Zxhn-h108ns Firmware | 2025-04-22 | N/A | 7.5 HIGH |
| ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow. | |||||
| CVE-2015-7258 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | |||||
| CVE-2015-7259 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. | |||||
| CVE-2017-3216 | 5 Greenpacket, Huawei, Mada and 2 more | 28 Ox350, Ox350 Firmware, Bm2022 and 25 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. | |||||
| CVE-2017-16953 | 1 Zte | 2 Zxdsl 831cii, Zxdsl 831cii Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. | |||||
| CVE-2017-10931 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. | |||||
| CVE-2017-10932 | 1 Zte | 12 Nr8000tr, Nr8000tr Firmware, Nr8120 and 9 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. | |||||
| CVE-2015-7257 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2025-04-20 | 8.5 HIGH | 7.5 HIGH |
| ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". | |||||
| CVE-2017-10933 | 1 Zte | 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. | |||||
| CVE-2015-7255 | 1 Zte | 12 Gan9.8t101a-b, Gan9.8t101a-b Firmware, Hg110 and 9 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. | |||||
| CVE-2017-10930 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. | |||||
| CVE-2014-4018 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2025-04-12 | 7.8 HIGH | N/A |
| The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-7251 | 1 Zte | 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | |||||
| CVE-2014-2321 | 1 Zte | 2 F460, F660 | 2025-04-12 | 10.0 HIGH | N/A |
| web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. | |||||
| CVE-2014-9183 | 1 Zte | 1 Zxdsl | 2025-04-12 | 10.0 HIGH | N/A |
| ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. | |||||
| CVE-2014-9184 | 1 Zte | 1 Zxdsl | 2025-04-12 | 5.0 MEDIUM | N/A |
| ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. | |||||