Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zte vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2014-4018
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote malicious users to obtain access via unspecified vectors.
Zte Zxv10 W300 Firmware 1.0.0a Zrd Lk
Zte Zxv10 W300 -
1 EDB exploit
5
CVSSv2
CVE-2014-4154
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
Zte Zxv10 W300 Firmware 1.0.0a Zrd Lk
Zte Zxv10 W300 -
1 EDB exploit
6.8
CVSSv2
CVE-2014-4155
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote malicious users to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
Zte Zxv10 W300 Firmware 1.0.0a Zrd Lk
Zte Zxv10 W300 -
1 EDB exploit
2.1
CVSSv2
CVE-2021-21726
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affec...
Zte Zxone 9700 Firmware 1.40.021.021cp049
Zte Zxone 8700 Firmware 1.40.021.021cp049
Zte Zxone 19700 Firmware 1.0p02b219 \\@ncpm-release 2.40r1-20200914.set
NA
CVE-2023-25643
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
Zte Mc801a Firmware Mc801a Elisa3 B19
Zte Mc801a1 Firmware Mc801a1 Elisa1 B04
NA
CVE-2023-25651
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
Zte Mf833u1 Firmware Bd Mf833u1v1.0.0b01
Zte Mf286r Firmware Cr Lvwrgbmf286rv1.0.0b04
NA
CVE-2022-39072
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
Zte Mf286r Firmware Nordic Mf286r B06
Zte Mf289d Firmware Cr Tmoczmf289dv1.0.0b07
4.3
CVSSv2
CVE-2014-9020
Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote malicious users to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due...
Zte Zxdsl 831cii -
Zte Zxdsl 831 -
9
CVSSv2
CVE-2015-7258
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
Zte Zxv10 W300 Firmware W300v2.1.0f Er7 Pe O57
Zte Zxv10 W300 Firmware W300v2.1.0h Er7 Pe O57
1 EDB exploit
4.3
CVSSv2
CVE-2021-21729
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1
Zte Zxhn H168n Firmware 3.5.0 Eg1t5 Te
Zte Zxhn H108n Firmware 2.5.5 Btmt1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »