Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zte vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-7251
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote malicious users to obtain administrative access via a TELNET session.
Zte Zxhn H108n R1a Firmware
1 EDB exploit
9.1
CVSSv3
CVE-2022-23144
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
Zte Zxa10 B76hv3 Firmware
Zte Zxa10 B766v2 Firmware
Zte Zxa10 B800v2 Firmware
Zte Zxa10 B860av2.1 Firmware
Zte Zxa10 B860h Firmware
Zte Zxa10 B866v2-h Firmware
Zte Zxa10 B866v5-w10 Firmware
Zte Zxa10 B960gv1 Firmware
Zte Zxa10 B710c-a12 Firmware
Zte Zxa10 B710s2-a19 Firmware
Zte Zxa10 B836ct-a15 Firmware
Zte Zxa10 S100v Firmware
Zte Zxa10 S200a Firmware
Zte Zxa10 S200t Firmware
Zte Zxa10 B700v7 Firmware
9.1
CVSSv3
CVE-2020-6874
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV...
Zte Zxiptv Firmware Zxiptv-web-pv5.09.08.04
8.8
CVSSv3
CVE-2023-25643
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Zte Mc801a Firmware Mc801a Elisa3 B19
Zte Mc801a1 Firmware Mc801a1 Elisa1 B04
8.8
CVSSv3
CVE-2023-25649
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Zte Mf286r Firmware Cr Lvwrgbmf286rv1.0.0b04
8.8
CVSSv3
CVE-2022-39066
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
Zte Mf286r Firmware
1 Github repository
8.8
CVSSv3
CVE-2022-23139
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that ...
Zte Zxmp M721 Firmware 5.10.030.006
8.8
CVSSv3
CVE-2020-6877
A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1
Zte Zxa10 Eodn Firmware 2.3p2t1
8.8
CVSSv3
CVE-2019-3425
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.
Zte Zxupn-9000e Firmware
8.8
CVSSv3
CVE-2019-3426
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.
Zte Zxupn-9000e Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »