Vulnerabilities > ZTE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-18 | CVE-2024-22067 | Unspecified vulnerability in ZTE Nh8091 Firmware Znh8091V1.8 ZTE NH8091 product has an improper permission control vulnerability. | 8.8 |
| 2024-08-08 | CVE-2024-22069 | Unspecified vulnerability in ZTE Zxv10 Et301 Firmware and Zxv10 Xt802 Firmware There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords. | 8.8 |
| 2024-01-03 | CVE-2023-41776 | Improper Privilege Management vulnerability in ZTE Zxcloud Irai Firmware There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. | 7.8 |
| 2024-01-03 | CVE-2023-41780 | Uncontrolled Search Path Element vulnerability in ZTE Zxcloud Irai Firmware There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. | 7.8 |
| 2024-01-03 | CVE-2023-41783 | Code Injection vulnerability in ZTE Zxcloud Irai Firmware There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. | 7.8 |
| 2023-12-14 | CVE-2023-25643 | Command Injection vulnerability in ZTE Mc801A1 Firmware and Mc801A Firmware There is a command injection vulnerability in some ZTE mobile internet products. | 8.8 |
| 2023-12-14 | CVE-2023-25644 | Unspecified vulnerability in ZTE Mc801A1 Firmware and Mc801A Firmware There is a denial of service vulnerability in some ZTE mobile internet products. | 7.5 |
| 2023-12-14 | CVE-2023-25648 | Incorrect Permission Assignment for Critical Resource vulnerability in ZTE Zxcloud Irai Firmware 6.03.04/7.23.20 There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. | 7.8 |
| 2023-12-14 | CVE-2023-25651 | SQL Injection vulnerability in ZTE Mf286R Firmware and Mf833U1 Firmware There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak. | 8.0 |
| 2023-08-25 | CVE-2023-25649 | Command Injection vulnerability in ZTE Mf286R Firmware Crlvwrgbmf286Rv1.0.0B04 There is a command injection vulnerability in a mobile internet product of ZTE. | 8.8 |