Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zte vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-23137
ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered.
Zte Zxcdn Firmware
5.3
CVSSv3
CVE-2022-23142
ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible.
Zte Zxen Cg200 Firmware
6.5
CVSSv3
CVE-2022-23143
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.
Zte Otcp Firmware
7.5
CVSSv3
CVE-2017-10933
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote malicious users to read arbitrary files on the system via a full path name after host address.
Zte Zxdt22 Sf01 Firmware
7.5
CVSSv3
CVE-2017-16953
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote malicious users to modify the PPPoE configuration or set up a malicious configuration via a GET request.
Zte Zxdsl 831cii Firmware -
1 EDB exploit
8.8
CVSSv3
CVE-2022-39066
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
Zte Mf286r Firmware
1 Github repository
6.5
CVSSv3
CVE-2022-39067
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.
Zte Mf286r Firmware
8.8
CVSSv3
CVE-2018-7363
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.
Zte Zxhn F670 Firmware
7.5
CVSSv3
CVE-2015-7248
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote malicious users to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
Zte Zxhn H108n R1a Firmware
1 EDB exploit
4.9
CVSSv3
CVE-2015-7249
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.
Zte Zxhn H108n R1a Firmware
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »