Filtered by vendor Zte
Subscribe
Total
151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21740 | 1 Zte | 2 Zxhn H2640, Zxhn H2640 Firmware | 2021-08-17 | 2.1 LOW | 2.4 LOW |
| There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak. | |||||
| CVE-2021-21738 | 1 Zte | 2 Zxiptv, Zxiptv Firmware | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09> | |||||
| CVE-2021-21739 | 1 Zte | 2 Zxctn 6120h, Zxctn 6120h Firmware | 2021-08-12 | 2.1 LOW | 4.6 MEDIUM |
| A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and detection, thus affecting signal transmission. This affects: <ZXCTN 6120H><V5.10.00B24> | |||||
| CVE-2020-6866 | 1 Zte | 2 Zxctn 6500, Zxctn 6500 Firmware | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A ZTE product is impacted by a resource management error vulnerability. An attacker could exploit this vulnerability to cause a denial of service by issuing a specific command. This affects: ZXCTN 6500 version V2.10.00R3B87. | |||||
| CVE-2020-6875 | 1 Zte | 2 Zxone 19700 Snpe, Zxone 19700 Snpe Firmware | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE> | |||||
| CVE-2020-6874 | 1 Zte | 2 Zxiptv, Zxiptv Firmware | 2021-07-21 | 5.5 MEDIUM | 9.1 CRITICAL |
| A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04. | |||||
| CVE-2020-6863 | 1 Zte | 2 E8820v3, E8820v3 Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL. | |||||
| CVE-2019-3419 | 1 Zte | 2 Zxmp M721 Dx, Zxmp M721 Dx Firmware | 2021-07-21 | 2.7 LOW | 5.7 MEDIUM |
| A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service. | |||||
| CVE-2020-6869 | 1 Zte | 1 Ztemarket Apk | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation. | |||||
| CVE-2020-6882 | 1 Zte | 6 Zxhn E8810, Zxhn E8810 Firmware, Zxhn E8820 and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13> | |||||
| CVE-2020-6877 | 1 Zte | 2 Zxa10 Eodn, Zxa10 Eodn Firmware | 2021-07-21 | 4.0 MEDIUM | 8.8 HIGH |
| A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1 | |||||
| CVE-2019-3430 | 1 Zte | 1 Zxcloud Goldendata Vap | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system. | |||||
| CVE-2019-3431 | 1 Zte | 1 Zxcloud Goldendata Vap | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access. | |||||
| CVE-2020-6864 | 1 Zte | 2 E8820v3, E8820v3 Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router. | |||||
| CVE-2021-21737 | 1 Zte | 2 Zxv10 B860h V5.0, Zxv10 B860h V5.0 Firmware | 2021-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016 | |||||
| CVE-2021-21736 | 1 Zte | 2 Zxhn Hs562, Zxhn Hs562 Firmware | 2021-06-17 | 8.0 HIGH | 7.2 HIGH |
| A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E | |||||
| CVE-2021-21735 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2021-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. | |||||
| CVE-2021-21734 | 1 Zte | 16 Zxa10 F809, Zxa10 F809 Firmware, Zxa10 F819 and 13 more | 2021-06-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01 | |||||
| CVE-2021-21733 | 1 Zte | 1 Zxcdn | 2021-05-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02. | |||||
| CVE-2021-21728 | 1 Zte | 2 Zxa10 C300m, Zxa10 C300m Firmware | 2021-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8. | |||||