Skip to main content

Zte

163 CVEs vendor

Monthly

CVE-2020-6872 MEDIUM This Month

The server management software module of ZTE has a storage XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zte R8500G4 Firmware R5500G4 Firmware R5300G4 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6871 CRITICAL Act Now

The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte R8500G4 Firmware R5500G4 Firmware R5300G4 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-6870 HIGH This Week

The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zte Netnumen U31 R10 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2020-6868 MEDIUM This Month

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte F680 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-6867 MEDIUM This Month

ZTE's SDON controller is impacted by the resource management error vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zte Zenic One R22B
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-6866 MEDIUM This Month

A ZTE product is impacted by a resource management error vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zte Zxctn 6500 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-6865 MEDIUM This Month

ZTE SDN controller platform is impacted by an information leakage vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Oscp
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-6864 MEDIUM This Month

ZTE E8820V3 router product is impacted by an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte E8820V3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-6863 MEDIUM This Month

ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte E8820V3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-3431 CRITICAL Act Now

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcloud Goldendata Vap
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2019-3430 MEDIUM This Month

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcloud Goldendata Vap
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2019-3429 MEDIUM This Month

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcloud Goldendata Vap
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-3428 MEDIUM This Month

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcdn Iamweb Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-3427 HIGH This Week

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Zte RCE Zxcdn Iamweb Firmware
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2019-3420 MEDIUM This Month

All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H108N Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-3426 HIGH This Week

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxupn 9000E Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-3425 HIGH This Week

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxupn 9000E Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-3422 MEDIUM This Month

The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Mf910S Firmware
NVD
CVSS 3.1
6.2
EPSS
1.0%
CVE-2019-3421 HIGH This Week

The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Zte Command Injection Zx297520V3 Firmware
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2019-3419 MEDIUM This Month

A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte Denial Of Service Zxmp M721 Dx Firmware
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2019-3416 CRITICAL Act Now

All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxv10 B860A Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-3418 MEDIUM This Month

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zte Zxhn F670 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-3417 HIGH This Week

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Zxhn F670 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-3414 MEDIUM This Month

All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Zte Otcp Firmware
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2019-3415 MEDIUM This Month

ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte Path Traversal Zxmw Nr8000 Firmware
NVD
CVSS 3.0
5.7
EPSS
0.9%
CVE-2019-3413 MEDIUM This Month

All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zte Netnumen Dap Firmware
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-3412 CRITICAL Act Now

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Command Injection Mf920 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2019-3411 HIGH This Week

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Mf920 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-3410 HIGH This Week

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte CSRF Wf820 Lte Outdoor Cpe Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2019-3409 HIGH This Week

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Wf820 Lte Outdoor Cpe Firmware
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-15006 MEDIUM POC This Month

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Zte Zte Zmax Champ Firmware
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-15005 HIGH POC This Week

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Zte Zte Zmax Champ Firmware
NVD
CVSS 3.0
7.1
EPSS
0.5%
CVE-2018-14995 MEDIUM POC This Month

The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Google Zte Information Disclosure Zte Blade Vantage Firmware Zte Blade Spark Firmware +2
NVD
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-7366 MEDIUM This Month

ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxv10 B860Av2 1 Chinamobile Firmware
NVD
CVSS 3.0
6.8
EPSS
0.6%
CVE-2018-7365 HIGH This Week

All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxcloud Irai Usmartview
NVD
CVSS 3.0
7.2
EPSS
0.7%
CVE-2018-7364 CRITICAL POC THREAT Act Now

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zte RCE Zxin10
NVD GitHub
CVSS 3.1
9.8
EPSS
10.3%
CVE-2018-7363 HIGH This Week

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn F670 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-7362 HIGH This Week

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn F670 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-7361 MEDIUM This Month

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Null Pointer Dereference Denial Of Service Zxhn F670 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-7360 MEDIUM This Month

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn F670 Firmware
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-7359 CRITICAL Act Now

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Zte Buffer Overflow RCE Zxhn F670 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-7358 HIGH POC THREAT This Week

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zte Zxhn H168N Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
89.6%
CVE-2018-7357 HIGH POC THREAT This Week

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zte Zxhn H168N Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
87.9%
CVE-2018-7356 HIGH This Week

All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxr10 8905E Firmware
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2018-7355 MEDIUM POC This Month

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zte Mf65 Firmware Mf65M1 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.9%
CVE-2017-16953 HIGH POC THREAT Act Now

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.1%.

Zte Authentication Bypass Zxdsl 831Cii Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
18.1%
CVE-2017-10933 HIGH This Week

All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Path Traversal Zxdt22 Sf01 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-10932 CRITICAL Act Now

All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.8% and no vendor patch available.

Zte Deserialization Apache RCE Java +6
NVD
CVSS 3.1
9.8
EPSS
13.8%
CVE-2015-7255 HIGH This Week

ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Ox 330P Firmware Zxhn H108N Firmware W300V1 0 0S Zrd Tr1 D68 Firmware +3
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-0974 HIGH POC This Week

Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zte Information Disclosure Mobiconnect
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-7259 HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.3%.

Zte Authentication Bypass Zxv10 W300 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
33.3%
Threat
4.3
CVE-2015-7258 HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.6%.

Zte Authentication Bypass Zxv10 W300 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
32.6%
Threat
4.2
CVE-2015-7257 HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.7%.

Zte Information Disclosure Zxv10 W300 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
16.7%
CVE-2015-8703 MEDIUM POC This Month

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zte Zxhn H108N R1A Firmware Zxv10 W300 Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.5%
CVE-2015-7252 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

XSS Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
24.0%
CVE-2015-7251 CRITICAL POC THREAT Emergency

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.8%.

Zte Authentication Bypass Zxhn H108N R1A Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
38.8%
Threat
4.6
CVE-2015-7250 HIGH POC THREAT Act Now

Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.2%.

Path Traversal Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
20.2%
CVE-2015-7249 MEDIUM POC THREAT This Month

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Privilege Escalation Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
CVSS 3.0
4.9
EPSS
11.2%
CVE-2015-7248 HIGH POC THREAT Act Now

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.4%.

Information Disclosure Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
35.4%
Threat
4.1
CVE-2014-9184 MEDIUM POC This Month

ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zte Authentication Bypass Zxdsl
NVD
CVSS 2.0
5.0
EPSS
6.9%
CVE-2014-9183 CRITICAL Act Now

ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Authentication Bypass Zxdsl
NVD
CVSS 2.0
10.0
EPSS
5.2%
CVE-2014-9027 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Zte Zxdsl 831Cii
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9021 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Zte Zxdsl 831
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9020 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Zte Zxdsl 831 Zxdsl 831Cii
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9019 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Zte Zxdsl
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-8493 MEDIUM POC THREAT This Month

ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

Privilege Escalation Zte Zxhn H108L Firmware
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
17.7%
CVE-2014-4154 MEDIUM POC This Month

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zte Zxv10 W300 Firmware Zxv10 W300
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-4018 HIGH POC This Week

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zte Authentication Bypass Zxv10 W300 Firmware Zxv10 W300
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
6.2%
CVE-2014-4155 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Zte Zxv10 W300 Firmware Zxv10 W300
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-2321 CRITICAL POC THREAT Emergency

web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%.

Privilege Escalation Zte F460 F660
NVD VulDB
CVSS 2.0
10.0
EPSS
92.0%
Threat
6.3
CVE-2014-0329 CRITICAL POC THREAT Emergency

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 25.0%.

Zte Authentication Bypass Zxv10 W300
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
25.0%
Threat
4.1
CVE-2012-4746 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Zte Zxdsl
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-2949 CRITICAL Act Now

The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zte Google Score M
NVD
CVSS 2.0
10.0
EPSS
1.9%
EPSS 1% CVSS 6.1
MEDIUM This Month

The server management software module of ZTE has a storage XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zte R8500G4 Firmware +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte R8500G4 Firmware +2
NVD
EPSS 1% CVSS 8.0
HIGH This Week

The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zte Netnumen U31 R10 Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte F680 Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

ZTE's SDON controller is impacted by the resource management error vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zte Zenic One R22B
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A ZTE product is impacted by a resource management error vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zte Zxctn 6500 Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

ZTE SDN controller platform is impacted by an information leakage vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Oscp
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

ZTE E8820V3 router product is impacted by an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte E8820V3 Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte E8820V3 Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcloud Goldendata Vap
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcloud Goldendata Vap
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcloud Goldendata Vap
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcdn Iamweb Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Zte RCE +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn H108N Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxupn 9000E Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxupn 9000E Firmware
NVD
EPSS 1% CVSS 6.2
MEDIUM This Month

The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Mf910S Firmware
NVD
EPSS 1% CVSS 8.0
HIGH This Week

The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Zte Command Injection Zx297520V3 Firmware
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte Denial Of Service Zxmp M721 Dx Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxv10 B860A Firmware
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zte Zxhn F670 Firmware
NVD
EPSS 2% CVSS 8.8
HIGH This Week

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Zxhn F670 Firmware
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Zte Otcp Firmware
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte Path Traversal Zxmw Nr8000 Firmware
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zte Netnumen Dap Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Command Injection Mf920 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Mf920 Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte CSRF Wf820 Lte Outdoor Cpe Firmware
NVD
EPSS 2% CVSS 8.8
HIGH This Week

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Wf820 Lte Outdoor Cpe Firmware
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Zte +1
NVD
EPSS 0% CVSS 7.1
HIGH POC This Week

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Zte +1
NVD
EPSS 0% CVSS 4.7
MEDIUM POC This Month

The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Google Zte Information Disclosure +4
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxv10 B860Av2 1 Chinamobile Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxcloud Irai +1
NVD
EPSS 10% CVSS 9.8
CRITICAL POC THREAT Act Now

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zte RCE +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn F670 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn F670 Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Null Pointer Dereference Denial Of Service +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxhn F670 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Zte Buffer Overflow +2
NVD
EPSS 90% CVSS 8.8
HIGH POC THREAT This Week

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zte Zxhn H168N Firmware
NVD Exploit-DB
EPSS 88% CVSS 8.8
HIGH POC THREAT This Week

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zte Zxhn H168N Firmware
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxr10 8905E Firmware
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zte Mf65 Firmware +1
NVD Exploit-DB
EPSS 18% CVSS 7.5
HIGH POC THREAT Act Now

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.1%.

Zte Authentication Bypass Zxdsl 831Cii Firmware
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH This Week

All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Path Traversal Zxdt22 Sf01 Firmware
NVD
EPSS 14% CVSS 9.8
CRITICAL Act Now

All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.8% and no vendor patch available.

Zte Deserialization Apache +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Ox 330P Firmware +5
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zte Information Disclosure Mobiconnect
NVD
EPSS 33% 4.3 CVSS 8.8
HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.3%.

Zte Authentication Bypass Zxv10 W300 Firmware
NVD Exploit-DB
EPSS 33% 4.2 CVSS 8.8
HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.6%.

Zte Authentication Bypass Zxv10 W300 Firmware
NVD Exploit-DB
EPSS 17% CVSS 7.5
HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.7%.

Zte Information Disclosure Zxv10 W300 Firmware
NVD Exploit-DB
EPSS 4% CVSS 6.5
MEDIUM POC This Month

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zte Zxhn H108N R1A Firmware +1
NVD Exploit-DB
EPSS 24% CVSS 6.1
MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

XSS Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
EPSS 39% 4.6 CVSS 9.8
CRITICAL POC THREAT Emergency

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.8%.

Zte Authentication Bypass Zxhn H108N R1A Firmware
NVD Exploit-DB
EPSS 20% CVSS 7.5
HIGH POC THREAT Act Now

Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.2%.

Path Traversal Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
EPSS 11% CVSS 4.9
MEDIUM POC THREAT This Month

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Privilege Escalation Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
EPSS 35% 4.1 CVSS 7.5
HIGH POC THREAT Act Now

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.4%.

Information Disclosure Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
EPSS 7% CVSS 5.0
MEDIUM POC This Month

ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zte Authentication Bypass Zxdsl
NVD
EPSS 5% CVSS 10.0
CRITICAL Act Now

ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Authentication Bypass Zxdsl
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Zte Zxdsl 831Cii
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Zte Zxdsl 831
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Zte Zxdsl 831 +1
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Zte +1
NVD
EPSS 18% CVSS 5.0
MEDIUM POC THREAT This Month

ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

Privilege Escalation Zte Zxhn H108L Firmware
NVD Exploit-DB
EPSS 9% CVSS 5.0
MEDIUM POC This Month

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zte Zxv10 W300 Firmware +1
NVD Exploit-DB
EPSS 6% CVSS 7.8
HIGH POC This Week

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zte Authentication Bypass Zxv10 W300 Firmware +1
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Zte Zxv10 W300 Firmware +1
NVD Exploit-DB
EPSS 92% 6.3 CVSS 10.0
CRITICAL POC THREAT Emergency

web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%.

Privilege Escalation Zte F460 +1
NVD VulDB
EPSS 25% 4.1 CVSS 9.3
CRITICAL POC THREAT Emergency

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 25.0%.

Zte Authentication Bypass Zxv10 W300
NVD Exploit-DB
EPSS 1% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Zte Zxdsl
NVD Exploit-DB
EPSS 2% CVSS 10.0
CRITICAL Act Now

The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zte Google +1
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy