Vulnerabilities > ZTE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-25 | CVE-2017-10937 | SQL Injection vulnerability in ZTE Zxiptv-Ucm Firmware SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information. | 7.5 |
| 2018-07-25 | CVE-2017-10936 | SQL Injection vulnerability in ZTE Zxcdn-Sns Firmware SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information. | 7.5 |
| 2018-07-25 | CVE-2017-10935 | Unspecified vulnerability in ZTE Zxr10 1800-2S Firmware 3.00.40 All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password. | 7.2 |
| 2018-07-25 | CVE-2017-10934 | Deserialization of Untrusted Data vulnerability in ZTE Zxiptv-Epg Firmware All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. | 9.8 |
| 2017-12-01 | CVE-2017-16953 | Improper Authentication vulnerability in ZTE Zxdsl 831Cii Firmware connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. | 7.5 |
| 2017-10-19 | CVE-2017-10933 | Path Traversal vulnerability in ZTE Zxdt22 Sf01 Firmware V2.06.00.00 All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. | 7.5 |
| 2017-09-28 | CVE-2017-10932 | Deserialization of Untrusted Data vulnerability in ZTE products All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. | 9.8 |
| 2017-09-19 | CVE-2017-10931 | Path Traversal vulnerability in ZTE Zxr10 1800-2S Firmware The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. | 7.5 |
| 2017-09-19 | CVE-2017-10930 | Files or Directories Accessible to External Parties vulnerability in ZTE Zxr10 1800-2S Firmware The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. | 9.8 |
| 2017-08-29 | CVE-2015-7255 | Information Exposure vulnerability in ZTE products ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. | 7.5 |