Vulnerabilities > ZTE > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-11 CVE-2019-3409 OS Command Injection vulnerability in ZTE Wf820+ LTE Outdoor CPE Firmware
All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability.
network
low complexity
zte CWE-78
8.8
2018-12-20 CVE-2018-7365 Untrusted Search Path vulnerability in ZTE Usmartview and Zxcloud Irai
All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.
network
low complexity
zte CWE-426
7.2
2018-11-16 CVE-2018-7363 Incorrect Authorization vulnerability in ZTE Zxhn F670 Firmware
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability.
low complexity
zte CWE-863
8.8
2018-11-16 CVE-2018-7362 Improper Access Control vulnerability in ZTE Zxhn F670 Firmware
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router.
network
low complexity
zte CWE-284
8.8
2018-11-14 CVE-2018-7358 Improper Authentication vulnerability in ZTE Zxhn H168N Firmware
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.
low complexity
zte CWE-287
8.8
2018-11-14 CVE-2018-7357 Missing Authentication for Critical Function vulnerability in ZTE Zxhn H168N Firmware
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.
low complexity
zte CWE-306
8.8
2018-11-01 CVE-2018-7356 Authentication Bypass by Capture-replay vulnerability in ZTE Zxr10 8905E Firmware 3.03.10.B23P2
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.
network
low complexity
zte CWE-294
7.5
2018-07-25 CVE-2017-10937 SQL Injection vulnerability in ZTE Zxiptv-Ucm Firmware
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.
network
low complexity
zte CWE-89
7.5
2018-07-25 CVE-2017-10936 SQL Injection vulnerability in ZTE Zxcdn-Sns Firmware
SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.
network
low complexity
zte CWE-89
7.5
2018-07-25 CVE-2017-10935 Unspecified vulnerability in ZTE Zxr10 1800-2S Firmware 3.00.40
All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password.
network
low complexity
zte
7.2