Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zte vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-10936
SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote malicious users to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.
Zte Zxcdn-sns Firmware
7.5
CVSSv3
CVE-2017-10937
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote malicious users to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.
Zte Zxiptv-ucm Firmware
7.5
CVSSv3
CVE-2017-16953
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote malicious users to modify the PPPoE configuration or set up a malicious configuration via a GET request.
Zte Zxdsl 831cii Firmware -
1 EDB exploit
7.5
CVSSv3
CVE-2017-10933
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote malicious users to read arbitrary files on the system via a full path name after host address.
Zte Zxdt22 Sf01 Firmware
7.5
CVSSv3
CVE-2017-10931
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
Zte Zxr10 1800-2s Firmware
7.5
CVSSv3
CVE-2015-7255
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote malicious users to obtain credentials or other sensitive information via a man-in-the-middle attack, passive dec...
Zte Ox-330p Firmware -
Zte Zxhn H108n Firmware -
Zte W300v1.0.0s Zrd Tr1 D68 Firmware -
Zte Hg110 Firmware -
Zte Gan9.8t101a-b Firmware -
Zte Mf28g Firmware -
1 Article
7.5
CVSSv3
CVE-2015-7257
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "...
Zte Zxv10 W300 Firmware W300v2.1.0f Er7 Pe O57
Zte Zxv10 W300 Firmware W300v2.1.0h Er7 Pe O57
1 EDB exploit
7.5
CVSSv3
CVE-2011-5325
Directory traversal vulnerability in the BusyBox implementation of tar prior to 1.22.0 v5 allows remote malicious users to point to files outside the current working directory via a symlink.
Busybox Busybox
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
7.5
CVSSv3
CVE-2016-2147
Integer overflow in the DHCP client (udhcpc) in BusyBox prior to 1.25.0 allows remote malicious users to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
Busybox Busybox
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
7.5
CVSSv3
CVE-2015-7248
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote malicious users to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
Zte Zxhn H108n R1a Firmware
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »