Zte

5 CVEs vendor

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-34472 HIGH This Week

Unauthenticated credential disclosure in ZTE ZXHN H188A routers (versions V6.0.10P2_TE and V6.0.10P3N3_TE) allows local network attackers to retrieve sensitive credentials including default administrator passwords, WLAN PSK, and PPPoE credentials via the wizard interface, with some cases enabling unauthenticated configuration changes. No CVSS or EPSS data is available, and KEV status is unconfirmed; however, a publicly available technical analysis exists on GitHub indicating detailed exploitation methodology.

Information Disclosure Zte
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-66314 HIGH This Week

Improper Privilege Management vulnerability in ZTE ElasticNet UME R32 on Linux allows Accessing Functionality Not Properly Constrained by ACLs.23.20.04. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-26711 MEDIUM This Month

There is an unauthorized access vulnerability in ZTE T5400. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zte Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-26710 LOW Monitor

There is an an information disclosure vulnerability in ZTE T5400. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-26709 MEDIUM This Month

There is an unauthorized access vulnerability in ZTE F50. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zte Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-34472
EPSS 0% CVSS 7.1
HIGH This Week

Unauthenticated credential disclosure in ZTE ZXHN H188A routers (versions V6.0.10P2_TE and V6.0.10P3N3_TE) allows local network attackers to retrieve sensitive credentials including default administrator passwords, WLAN PSK, and PPPoE credentials via the wizard interface, with some cases enabling unauthenticated configuration changes. No CVSS or EPSS data is available, and KEV status is unconfirmed; however, a publicly available technical analysis exists on GitHub indicating detailed exploitation methodology.

Information Disclosure Zte
NVD GitHub
CVE-2025-66314
EPSS 0% CVSS 7.5
HIGH This Week

Improper Privilege Management vulnerability in ZTE ElasticNet UME R32 on Linux allows Accessing Functionality Not Properly Constrained by ACLs.23.20.04. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Privilege Escalation
NVD
CVE-2025-26711
EPSS 0% CVSS 5.7
MEDIUM This Month

There is an unauthorized access vulnerability in ZTE T5400. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zte Information Disclosure
NVD
CVE-2025-26710
EPSS 0% CVSS 3.5
LOW Monitor

There is an an information disclosure vulnerability in ZTE T5400. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure
NVD
CVE-2025-26709
EPSS 0% CVSS 5.7
MEDIUM This Month

There is an unauthorized access vulnerability in ZTE F50. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zte Information Disclosure
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy