Skip to main content

Zte

163 CVEs vendor

Monthly

CVE-2026-44409 MEDIUM This Month

Unauthorized information disclosure in the ZTE MU5250 5G mobile router allows an adjacent-network attacker with low-privilege access to retrieve sensitive information due to misconfigured access control mechanisms. The vulnerability carries a CVSS 3.1 base score of 5.7 (Medium) with high confidentiality impact, confirmed by ZTE through their own security bulletin. No public exploit code or CISA KEV listing has been identified at time of analysis, limiting immediate mass-exploitation risk, though the high confidentiality impact (C:H) warrants timely remediation in network-sensitive deployments.

Information Disclosure Zte
NVD VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-44408 MEDIUM This Month

Improper permission control on the ZTE MU5250 web management interface allows an adjacent-network attacker with low-level credentials to modify device configuration beyond their authorized scope, resulting in high availability impact and low integrity impact. Affected firmware is confirmed as BD_FLYMODEMMU5250V1.0.0B27, self-disclosed by ZTE via their security bulletin. No public exploit code or CISA KEV listing exists at time of analysis, and exploitation is constrained to adjacent network access with some level of authenticated access per the CVSS vector.

Information Disclosure Zte Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-44407 MEDIUM This Month

Local denial-of-service vulnerability in ZTE Cloud PC client uSmartview allows authenticated local attackers to trigger memory corruption and crash the application through a use of externally-controlled format string (CWE-134). CVSS 4.7 with local attack vector and high complexity indicates limited real-world exploitability; no public exploit identified at time of analysis.

Zte Denial Of Service Buffer Overflow
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-44406 MEDIUM This Month

DLL hijacking in ZTE Cloud PC client uSmartView allows unauthenticated local attackers to achieve arbitrary code execution and privilege escalation by planting a malicious DLL that is loaded by uSmartViewServiceAgent.exe running with SYSTEM privileges. The vulnerability requires local access but no authentication and affects multiple ZXCloud IRAI product versions. No public exploit code or active exploitation has been confirmed at this time.

Zte Privilege Escalation RCE Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-40004 MEDIUM This Month

ZTE Cloud PC client uSmartview contains an OpenSSL configuration file privilege escalation vulnerability (CVE-2026-40004) that allows authenticated local attackers with user-level privileges to execute arbitrary code and escalate to higher privilege levels through a malicious openssl.cnf file. This requires physical access or local system access combined with user interaction, and affects ZTE's virtualized desktop infrastructure product. The CVSS score of 5.5 reflects the physical attack vector and additional user interaction requirement, despite the severity of code execution and cross-system scope impact.

Zte Privilege Escalation RCE OpenSSL
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-40003 MEDIUM This Month

Arbitrary memory writes via USB in ZTE ZX297520V3 BootROM allow physical attackers with USB access to bypass Secure Boot signature verification and achieve unauthorized code execution by exploiting missing target address validation in USB download mode. The vulnerability requires physical device access and user interaction (device boot into download mode), resulting in a CVSS score of 5.1, but enables complete bypass of cryptographic security mechanisms and Secure Boot protections.

Zte Memory Corruption Buffer Overflow RCE
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-40001 MEDIUM This Month

Local privilege escalation in ZTE PROCESS Guard Service allows authenticated local users to escalate privileges and achieve arbitrary code execution through improper access control enforcement, affecting the cloud computer client. The vulnerability requires local access and authenticated user context but operates across system boundaries, potentially compromising system integrity. No active exploitation has been confirmed at time of analysis, though the combination of privilege escalation and RCE capability makes this a moderate-priority local threat.

Privilege Escalation RCE Zte Path Traversal
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-34473 HIGH POC This Week

Remote denial-of-service in ZTE home routers (H8102E, H168N, H167A, and 15 other models) allows unauthenticated network attackers to crash the web management interface via oversized HTTP POST request with application/x-www-form-urlencoded content, requiring physical device reboot to restore service. ZTE claims devices patched since March 2021, but operator firmware timelines vary. EPSS data not available; no active exploitation confirmed (not in CISA KEV). Publicly available exploit details exist via GitHub gist.

Denial Of Service Zte
NVD GitHub VulDB Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34474 HIGH POC Monitor

Remote unauthenticated attackers can retrieve plaintext administrator passwords and WLAN Pre-Shared Keys from ZTE ZXHN H298A (firmware 1.1) and H108N (firmware 2.6) routers via crafted HTTP requests to the web management interface. The vulnerability enables complete network compromise through credential theft without requiring authentication. Public exploit code exists (GitHub Gist), demonstrating active researcher interest, though no CISA KEV listing indicates targeted rather than widespread exploitation. EPSS data unavailable, but the combination of network attack vector, no authentication requirement, and credential exposure presents immediate risk to affected deployments.

Authentication Bypass Zte Information Disclosure
NVD GitHub VulDB Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40436 HIGH This Week

Password reset vulnerability in ZTE ZXEDM iEMS cloud management portal allows authenticated attackers with low privileges to enumerate all user accounts and reset arbitrary user passwords. This authentication bypass enables unauthorized administrative operations across the entire EMS system. Attack requires user interaction and moderate complexity (CVSS AC:H), but no public exploit identified at time of analysis. CVSS 7.1 reflects high confidentiality, integrity, and availability impact within the vulnerable component's scope.

Authentication Bypass Zte
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-34472 HIGH POC This Week

Unauthenticated credential disclosure in ZTE ZXHN H188A routers (versions V6.0.10P2_TE and V6.0.10P3N3_TE) allows local network attackers to retrieve sensitive credentials including default administrator passwords, WLAN PSK, and PPPoE credentials via the wizard interface, with some cases enabling unauthenticated configuration changes. No CVSS or EPSS data is available, and KEV status is unconfirmed; however, a publicly available technical analysis exists on GitHub indicating detailed exploitation methodology.

Information Disclosure Zte
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-66314 HIGH This Week

Improper Privilege Management vulnerability in ZTE ElasticNet UME R32 on Linux allows Accessing Functionality Not Properly Constrained by ACLs.23.20.04. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-26711 MEDIUM This Month

There is an unauthorized access vulnerability in ZTE T5400. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zte Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-26710 LOW Monitor

There is an an information disclosure vulnerability in ZTE T5400. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-26709 MEDIUM This Month

There is an unauthorized access vulnerability in ZTE F50. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zte Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2024-22063 CRITICAL Act Now

The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Zenic One R58
NVD
CVSS 3.1
9.0
EPSS
0.8%
CVE-2024-22067 HIGH This Week

ZTE NH8091 product has an improper permission control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zte Nh8091 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22066 MEDIUM This Month

There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zte Zxr10 1800 2S Firmware Zxr10 2800 4 Firmware Zxr10 3800 8 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-22065 HIGH This Week

There is a command injection vulnerability in ZTE MF258 Pro product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mf258k Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-22068 MEDIUM This Month

Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.00.10 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zte Zxr10 1800 2S Firmware Zxr10 2800 4 Firmware Zxr10 3800 8 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45416 HIGH This Week

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zte Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-45415 CRITICAL Act Now

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Zte
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45414 CRITICAL Act Now

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Zte
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45413 HIGH This Week

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Zte
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-22069 HIGH This Week

There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zte Zxv10 Et301 Firmware Zxv10 Xt802 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-22064 MEDIUM This Month

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxun Epdg
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-41781 MEDIUM This Month

There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte XSS Mf258 Firmware
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2023-41782 LOW Monitor

There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcloud Irai
NVD
CVSS 3.1
3.9
EPSS
0.0%
CVE-2023-41784 MEDIUM This Month

Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro. Rated medium severity (CVSS 6.6). No vendor patch available.

Zte Privilege Escalation Redmagic 8 Pro Firmware
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2023-41783 MEDIUM This Month

There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Command Injection RCE Code Injection Zxcloud Irai
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-41780 MEDIUM This Month

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Rated medium severity (CVSS 6.4). No vendor patch available.

Zte Path Traversal Zxcloud Irai
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2023-41779 MEDIUM This Month

There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed. Rated medium severity (CVSS 4.4). No vendor patch available.

Zte Buffer Overflow Zxcloud Irai
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-41776 MEDIUM This Month

There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. Rated medium severity (CVSS 6.7). No vendor patch available.

Zte Privilege Escalation Zxcloud Irai
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-25644 HIGH This Week

There is a denial of service vulnerability in some ZTE mobile internet products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zte Mc801A Firmware Mc801A1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-25643 HIGH This Week

There is a command injection vulnerability in some ZTE mobile internet products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mc801A Firmware Mc801A1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-25642 MEDIUM This Month

There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zte Mc801A Firmware Mc801A1 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25651 HIGH This Week

There is a SQL injection vulnerability in some ZTE mobile internet products. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Zte SQLi Mf833U1 Firmware Mf286R Firmware
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2023-25648 HIGH This Week

There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zte Zxcloud Irai
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25649 HIGH This Week

There is a command injection vulnerability in a mobile internet product of ZTE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mf286R Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-25647 LOW Monitor

There is a permission and access control vulnerability in some ZTE mobile phones. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zte Axon 30 Firmware Axon 40 Pro Firmware Axon 40 Ultra Firmware +1
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-25645 HIGH This Week

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zte Up T2 4K Firmware Zxv10 B866V2 H Firmware Zxv10 B866V2 Firmware +2
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2022-45957 HIGH POC THREAT This Week

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Zte Buffer Overflow Zxhn H108Ns Firmware
NVD
CVSS 3.1
7.5
EPSS
11.5%
CVE-2022-23143 MEDIUM This Month

ZTE OTCP product is impacted by a permission and access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zte Otcp Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-39070 CRITICAL Act Now

There is an access control vulnerability in some ZTE PON OLT products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxa10 C350M Firmware Zxa10 C300M Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39067 MEDIUM This Month

There is a buffer overflow vulnerability in ZTE MF286R. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Denial Of Service Buffer Overflow Mf286R Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-39066 HIGH This Week

There is a SQL injection vulnerability in ZTE MF286R. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zte Mf286R Firmware
NVD
CVSS 3.1
8.8
EPSS
26.5%
CVE-2022-39069 MEDIUM This Month

There is a SQL injection vulnerability in ZTE ZAIP-AIE. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zte Zaip Aie
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-23144 CRITICAL Act Now

There is a broken access control vulnerability in ZTE ZXvSTB product. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxa10 B76Hv3 Firmware Zxa10 B766V2 Firmware Zxa10 B800V2 Firmware +12
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-23138 HIGH This Week

ZTE's MF297D product has cryptographic issues vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Mf297D Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-23139 HIGH This Week

ZTE's ZXMP M721 product has a permission and access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxmp M721 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-23137 MEDIUM This Month

ZTE's ZXCDN product has a reflective XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Zxcdn Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-23136 MEDIUM This Month

There is a stored XSS vulnerability in ZTE home gateway product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte XSS Zxhn F680 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-23135 MEDIUM This Month

There is a directory traversal vulnerability in some home gateway products of ZTE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Path Traversal Zxhn F677 Firmware Zxhn F477 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-21751 HIGH This Week

ZTE BigVideo analysis product has an input verification vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxin10 Cms
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-21750 HIGH This Week

ZTE BigVideo Analysis product has a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zte Privilege Escalation Authentication Bypass Zxin10 Cms
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21749 CRITICAL Act Now

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zte Memory Corruption RCE Mf971R Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-21748 CRITICAL Act Now

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zte Memory Corruption RCE Mf971R Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-21745 MEDIUM POC THREAT This Month

ZTE MF971R product has a Referer authentication bypass vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zte Authentication Bypass Mf971R Firmware
NVD
CVSS 3.1
4.3
EPSS
55.7%
CVE-2021-21744 HIGH This Week

ZTE MF971R product has a configuration file control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Mf971R Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-21743 MEDIUM This Month

ZTE MF971R product has a CRLF injection vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Code Injection Mf971R Firmware
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-21747 MEDIUM This Month

ZTE MF971R product has reflective XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Mf971R Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-21746 MEDIUM This Month

ZTE MF971R product has reflective XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Mf971R Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-21742 MEDIUM This Month

There is an information leak vulnerability in the message service app of a ZTE mobile phone. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Axon 30 Pro Message Service
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-21741 CRITICAL Act Now

There is a command execution vulnerability in a ZTE conference management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Zte Zxv10 M910 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-21740 LOW Monitor

There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H2640 Firmware
NVD
CVSS 3.1
2.4
EPSS
0.4%
CVE-2021-21739 MEDIUM This Month

A ZTE's product of the transport network access layer has a security vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Authentication Bypass Zxctn 6120H Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-21738 MEDIUM This Month

ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Zxiptv Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-21737 HIGH This Week

A smart STB product of ZTE is impacted by a permission and access control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Privilege Escalation Zxv10 B860H V5 0 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-21736 HIGH This Week

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Privilege Escalation Zxhn Hs562 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-21735 MEDIUM This Month

A ZTE product has an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H168N Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-21734 MEDIUM This Month

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxa10 F821 Firmware Zxa10 F822 Firmware Zxa10 F819 Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-21732 HIGH This Week

A mobile phone of ZTE is impacted by improper access control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Axon 11 5G Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-21731 HIGH This Week

A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zte Zxcloud Irai
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-21730 CRITICAL Act Now

A ZTE product is impacted by improper access control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H168N Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-21729 MEDIUM This Month

Some ZTE products have CSRF vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zte Zxhn H168N Firmware Zxhn H108N Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-21728 MEDIUM This Month

A ZTE product has a configuration error vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Denial Of Service Zxa10 C300M Firmware
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-21727 HIGH This Week

A ZTE product has a DoS vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Denial Of Service Zxhn F623 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-21726 LOW Monitor

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure Zxone 9700 Firmware Zxone 8700 Firmware Zxone 19700 Firmware
NVD
CVSS 3.1
2.3
EPSS
0.4%
CVE-2021-21725 MEDIUM This Month

A ZTE product has an information leak vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte Authentication Bypass Zxhn H196Q Firmware
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2021-21724 MEDIUM This Month

A ZTE product has a memory leak vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure Zxr10 8900E Firmware
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2021-21723 HIGH This Week

Some ZTE products have a DoS vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Denial Of Service Zxr10 9904 Firmware Zxr10 9908 Firmware Zxr10 9916 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-21722 MEDIUM This Month

A ZTE Smart STB is impacted by an information leak vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure Zxv10 B860A Firmware
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-6882 HIGH This Week

ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn E8810 Firmware Zxhn E8820 Firmware Zxhn E8822 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-6881 HIGH This Week

ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxhn E8810 Firmware Zxhn E8820 Firmware Zxhn E8822 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-6879 LOW Monitor

Some ZTE devices have input verification vulnerabilities. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn Z500 Firmware Zxhn F670L Firmware
NVD
CVSS 3.1
3.5
EPSS
0.7%
CVE-2020-6877 HIGH This Week

A ZTE product is impacted by an information leak vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxa10 Eodn Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-6876 MEDIUM This Month

A ZTE product is impacted by an XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zte Evdc
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-6875 CRITICAL Act Now

A ZTE product is impacted by the improper access control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxone 19700 Snpe Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-6874 CRITICAL Act Now

A ZTE product is impacted by the cryptographic issues vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxiptv Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2020-6873 MEDIUM This Month

A ZTE product has a DoS vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zte Zxr10 2800 4 Almpufb Low Firmware
NVD
CVSS 3.1
5.3
EPSS
1.3%
EPSS 0% CVSS 5.7
MEDIUM This Month

Unauthorized information disclosure in the ZTE MU5250 5G mobile router allows an adjacent-network attacker with low-privilege access to retrieve sensitive information due to misconfigured access control mechanisms. The vulnerability carries a CVSS 3.1 base score of 5.7 (Medium) with high confidentiality impact, confirmed by ZTE through their own security bulletin. No public exploit code or CISA KEV listing has been identified at time of analysis, limiting immediate mass-exploitation risk, though the high confidentiality impact (C:H) warrants timely remediation in network-sensitive deployments.

Information Disclosure Zte
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Improper permission control on the ZTE MU5250 web management interface allows an adjacent-network attacker with low-level credentials to modify device configuration beyond their authorized scope, resulting in high availability impact and low integrity impact. Affected firmware is confirmed as BD_FLYMODEMMU5250V1.0.0B27, self-disclosed by ZTE via their security bulletin. No public exploit code or CISA KEV listing exists at time of analysis, and exploitation is constrained to adjacent network access with some level of authenticated access per the CVSS vector.

Information Disclosure Zte Authentication Bypass
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Local denial-of-service vulnerability in ZTE Cloud PC client uSmartview allows authenticated local attackers to trigger memory corruption and crash the application through a use of externally-controlled format string (CWE-134). CVSS 4.7 with local attack vector and high complexity indicates limited real-world exploitability; no public exploit identified at time of analysis.

Zte Denial Of Service Buffer Overflow
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

DLL hijacking in ZTE Cloud PC client uSmartView allows unauthenticated local attackers to achieve arbitrary code execution and privilege escalation by planting a malicious DLL that is loaded by uSmartViewServiceAgent.exe running with SYSTEM privileges. The vulnerability requires local access but no authentication and affects multiple ZXCloud IRAI product versions. No public exploit code or active exploitation has been confirmed at this time.

Zte Privilege Escalation RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

ZTE Cloud PC client uSmartview contains an OpenSSL configuration file privilege escalation vulnerability (CVE-2026-40004) that allows authenticated local attackers with user-level privileges to execute arbitrary code and escalate to higher privilege levels through a malicious openssl.cnf file. This requires physical access or local system access combined with user interaction, and affects ZTE's virtualized desktop infrastructure product. The CVSS score of 5.5 reflects the physical attack vector and additional user interaction requirement, despite the severity of code execution and cross-system scope impact.

Zte Privilege Escalation RCE +1
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

Arbitrary memory writes via USB in ZTE ZX297520V3 BootROM allow physical attackers with USB access to bypass Secure Boot signature verification and achieve unauthorized code execution by exploiting missing target address validation in USB download mode. The vulnerability requires physical device access and user interaction (device boot into download mode), resulting in a CVSS score of 5.1, but enables complete bypass of cryptographic security mechanisms and Secure Boot protections.

Zte Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM This Month

Local privilege escalation in ZTE PROCESS Guard Service allows authenticated local users to escalate privileges and achieve arbitrary code execution through improper access control enforcement, affecting the cloud computer client. The vulnerability requires local access and authenticated user context but operates across system boundaries, potentially compromising system integrity. No active exploitation has been confirmed at time of analysis, though the combination of privilege escalation and RCE capability makes this a moderate-priority local threat.

Privilege Escalation RCE Zte +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Remote denial-of-service in ZTE home routers (H8102E, H168N, H167A, and 15 other models) allows unauthenticated network attackers to crash the web management interface via oversized HTTP POST request with application/x-www-form-urlencoded content, requiring physical device reboot to restore service. ZTE claims devices patched since March 2021, but operator firmware timelines vary. EPSS data not available; no active exploitation confirmed (not in CISA KEV). Publicly available exploit details exist via GitHub gist.

Denial Of Service Zte
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 7.5
HIGH POC Monitor

Remote unauthenticated attackers can retrieve plaintext administrator passwords and WLAN Pre-Shared Keys from ZTE ZXHN H298A (firmware 1.1) and H108N (firmware 2.6) routers via crafted HTTP requests to the web management interface. The vulnerability enables complete network compromise through credential theft without requiring authentication. Public exploit code exists (GitHub Gist), demonstrating active researcher interest, though no CISA KEV listing indicates targeted rather than widespread exploitation. EPSS data unavailable, but the combination of network attack vector, no authentication requirement, and credential exposure presents immediate risk to affected deployments.

Authentication Bypass Zte Information Disclosure
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 7.1
HIGH This Week

Password reset vulnerability in ZTE ZXEDM iEMS cloud management portal allows authenticated attackers with low privileges to enumerate all user accounts and reset arbitrary user passwords. This authentication bypass enables unauthorized administrative operations across the entire EMS system. Attack requires user interaction and moderate complexity (CVSS AC:H), but no public exploit identified at time of analysis. CVSS 7.1 reflects high confidentiality, integrity, and availability impact within the vulnerable component's scope.

Authentication Bypass Zte
NVD VulDB
EPSS 0% CVSS 7.1
HIGH POC This Week

Unauthenticated credential disclosure in ZTE ZXHN H188A routers (versions V6.0.10P2_TE and V6.0.10P3N3_TE) allows local network attackers to retrieve sensitive credentials including default administrator passwords, WLAN PSK, and PPPoE credentials via the wizard interface, with some cases enabling unauthenticated configuration changes. No CVSS or EPSS data is available, and KEV status is unconfirmed; however, a publicly available technical analysis exists on GitHub indicating detailed exploitation methodology.

Information Disclosure Zte
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Improper Privilege Management vulnerability in ZTE ElasticNet UME R32 on Linux allows Accessing Functionality Not Properly Constrained by ACLs.23.20.04. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Privilege Escalation
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

There is an unauthorized access vulnerability in ZTE T5400. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zte Information Disclosure
NVD
EPSS 0% CVSS 3.5
LOW Monitor

There is an an information disclosure vulnerability in ZTE T5400. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

There is an unauthorized access vulnerability in ZTE F50. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zte Information Disclosure
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Zenic One R58
NVD
EPSS 1% CVSS 8.8
HIGH This Week

ZTE NH8091 product has an improper permission control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zte Nh8091 Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zte Zxr10 1800 2S Firmware +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

There is a command injection vulnerability in ZTE MF258 Pro product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mf258k Pro Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.00.10 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zte Zxr10 1800 2S Firmware +3
NVD
EPSS 1% CVSS 8.1
HIGH This Week

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zte Information Disclosure
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Zte
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Zte
NVD
EPSS 0% CVSS 8.1
HIGH This Week

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Zte
NVD
EPSS 0% CVSS 8.8
HIGH This Week

There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zte Zxv10 Et301 Firmware +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxun Epdg
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte XSS Mf258 Firmware
NVD
EPSS 0% CVSS 3.9
LOW Monitor

There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcloud Irai
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro. Rated medium severity (CVSS 6.6). No vendor patch available.

Zte Privilege Escalation Redmagic 8 Pro Firmware
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Command Injection RCE +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Rated medium severity (CVSS 6.4). No vendor patch available.

Zte Path Traversal Zxcloud Irai
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed. Rated medium severity (CVSS 4.4). No vendor patch available.

Zte Buffer Overflow Zxcloud Irai
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. Rated medium severity (CVSS 6.7). No vendor patch available.

Zte Privilege Escalation Zxcloud Irai
NVD
EPSS 1% CVSS 7.5
HIGH This Week

There is a denial of service vulnerability in some ZTE mobile internet products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zte Mc801A Firmware +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

There is a command injection vulnerability in some ZTE mobile internet products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mc801A Firmware +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zte +2
NVD
EPSS 0% CVSS 8.0
HIGH This Week

There is a SQL injection vulnerability in some ZTE mobile internet products. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Zte SQLi Mf833U1 Firmware +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zte Zxcloud Irai
NVD
EPSS 2% CVSS 8.8
HIGH This Week

There is a command injection vulnerability in a mobile internet product of ZTE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mf286R Firmware
NVD
EPSS 0% CVSS 3.3
LOW Monitor

There is a permission and access control vulnerability in some ZTE mobile phones. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zte Axon 30 Firmware +3
NVD
EPSS 0% CVSS 7.7
HIGH This Week

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zte Up T2 4K Firmware +4
NVD
EPSS 11% CVSS 7.5
HIGH POC THREAT This Week

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Zte Buffer Overflow +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

ZTE OTCP product is impacted by a permission and access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zte Otcp Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There is an access control vulnerability in some ZTE PON OLT products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxa10 C350M Firmware +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

There is a buffer overflow vulnerability in ZTE MF286R. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Denial Of Service Buffer Overflow +1
NVD
EPSS 27% CVSS 8.8
HIGH This Week

There is a SQL injection vulnerability in ZTE MF286R. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zte Mf286R Firmware
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

There is a SQL injection vulnerability in ZTE ZAIP-AIE. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zte Zaip Aie
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

There is a broken access control vulnerability in ZTE ZXvSTB product. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxa10 B76Hv3 Firmware +14
NVD
EPSS 1% CVSS 7.5
HIGH This Week

ZTE's MF297D product has cryptographic issues vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Mf297D Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

ZTE's ZXMP M721 product has a permission and access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxmp M721 Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

ZTE's ZXCDN product has a reflective XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Zxcdn Firmware
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

There is a stored XSS vulnerability in ZTE home gateway product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte XSS Zxhn F680 Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

There is a directory traversal vulnerability in some home gateway products of ZTE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Path Traversal Zxhn F677 Firmware +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

ZTE BigVideo analysis product has an input verification vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxin10 Cms
NVD
EPSS 0% CVSS 7.8
HIGH This Week

ZTE BigVideo Analysis product has a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zte Privilege Escalation Authentication Bypass +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zte Memory Corruption +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zte Memory Corruption +2
NVD
EPSS 56% CVSS 4.3
MEDIUM POC THREAT This Month

ZTE MF971R product has a Referer authentication bypass vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zte Authentication Bypass +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

ZTE MF971R product has a configuration file control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Mf971R Firmware
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

ZTE MF971R product has a CRLF injection vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Code Injection Mf971R Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

ZTE MF971R product has reflective XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Mf971R Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

ZTE MF971R product has reflective XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Mf971R Firmware
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

There is an information leak vulnerability in the message service app of a ZTE mobile phone. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Axon 30 Pro Message Service
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There is a command execution vulnerability in a ZTE conference management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Zte Zxv10 M910 Firmware
NVD
EPSS 0% CVSS 2.4
LOW Monitor

There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H2640 Firmware
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A ZTE's product of the transport network access layer has a security vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Authentication Bypass Zxctn 6120H Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Zxiptv Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A smart STB product of ZTE is impacted by a permission and access control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Privilege Escalation Zxv10 B860H V5 0 Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Privilege Escalation Zxhn Hs562 Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A ZTE product has an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H168N Firmware
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxa10 F821 Firmware +7
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A mobile phone of ZTE is impacted by improper access control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Axon 11 5G Firmware
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zte Zxcloud Irai
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A ZTE product is impacted by improper access control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H168N Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Some ZTE products have CSRF vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zte Zxhn H168N Firmware +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A ZTE product has a configuration error vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Denial Of Service Zxa10 C300M Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A ZTE product has a DoS vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Denial Of Service Zxhn F623 Firmware
NVD
EPSS 0% CVSS 2.3
LOW Monitor

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure Zxone 9700 Firmware +2
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

A ZTE product has an information leak vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte Authentication Bypass Zxhn H196Q Firmware
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A ZTE product has a memory leak vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure Zxr10 8900E Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Some ZTE products have a DoS vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Denial Of Service Zxr10 9904 Firmware +4
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A ZTE Smart STB is impacted by an information leak vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure Zxv10 B860A Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn E8810 Firmware +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxhn E8810 Firmware +2
NVD
EPSS 1% CVSS 3.5
LOW Monitor

Some ZTE devices have input verification vulnerabilities. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn Z500 Firmware +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A ZTE product is impacted by an information leak vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxa10 Eodn Firmware
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A ZTE product is impacted by an XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zte Evdc
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A ZTE product is impacted by the improper access control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxone 19700 Snpe Firmware
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

A ZTE product is impacted by the cryptographic issues vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxiptv Firmware
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A ZTE product has a DoS vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zte Zxr10 2800 4 Almpufb Low Firmware
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy