Vulnerabilities > ZTE > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-06 | CVE-2022-39073 | Command Injection vulnerability in ZTE Mf286R Firmware Nordicmf286Rb06 There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | 9.8 |
2022-11-22 | CVE-2022-39070 | Unspecified vulnerability in ZTE Zxa10 C300M Firmware and Zxa10 C350M Firmware There is an access control vulnerability in some ZTE PON OLT products. | 9.8 |
2022-09-23 | CVE-2022-23144 | Unspecified vulnerability in ZTE products There is a broken access control vulnerability in ZTE ZXvSTB product. | 9.1 |
2021-08-30 | CVE-2021-21741 | Deserialization of Untrusted Data vulnerability in ZTE Zxv10 M910 Firmware There is a command execution vulnerability in a ZTE conference management system. | 9.8 |
2019-09-23 | CVE-2019-3416 | Improper Input Validation vulnerability in ZTE Zxv10 B860A Firmware All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. | 10.0 |
2018-12-07 | CVE-2018-7364 | Unspecified vulnerability in ZTE Zxin10 Resv1.01.43 All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. | 9.8 |
2018-11-16 | CVE-2018-7362 | Improper Access Control vulnerability in ZTE Zxhn F670 Firmware All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router. | 9.0 |
2017-09-28 | CVE-2017-10932 | Deserialization of Untrusted Data vulnerability in ZTE products All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. | 10.0 |
2017-08-24 | CVE-2015-7259 | Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57 ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. | 9.0 |
2017-08-24 | CVE-2015-7258 | Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57 ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | 9.0 |