Vulnerabilities > ZTE > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-01 | CVE-2020-6874 | Insufficiently Protected Credentials vulnerability in ZTE Zxiptv Firmware Zxiptvwebpv5.09.08.04 A ZTE product is impacted by the cryptographic issues vulnerability. | 9.1 |
| 2020-07-20 | CVE-2020-6871 | Improper Authentication vulnerability in ZTE products The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. | 9.8 |
| 2019-12-23 | CVE-2019-3431 | Insufficiently Protected Credentials vulnerability in ZTE Zxcloud Goldendata VAP Zxivsvapportalxzgav4.01.01.02 All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. | 9.8 |
| 2019-09-23 | CVE-2019-3416 | Improper Input Validation vulnerability in ZTE Zxv10 B860A Firmware 81511329.1008 All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. | 9.8 |
| 2019-06-11 | CVE-2019-3412 | OS Command Injection vulnerability in ZTE Mf920 Firmware All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. | 9.8 |
| 2018-12-07 | CVE-2018-7364 | Unspecified vulnerability in ZTE Zxin10 Resv1.01.43 All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. | 9.8 |
| 2018-11-16 | CVE-2018-7359 | Out-of-bounds Write vulnerability in ZTE Zxhn F670 Firmware All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. | 9.8 |
| 2018-07-25 | CVE-2017-10934 | Deserialization of Untrusted Data vulnerability in ZTE Zxiptv-Epg Firmware All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. | 9.8 |
| 2017-09-28 | CVE-2017-10932 | Deserialization of Untrusted Data vulnerability in ZTE products All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. | 9.8 |
| 2017-09-19 | CVE-2017-10930 | Files or Directories Accessible to External Parties vulnerability in ZTE Zxr10 1800-2S Firmware The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. | 9.8 |