Vulnerabilities > ZTE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-15 | CVE-2019-3418 | Cross-site Scripting vulnerability in ZTE Zxhn F670 Firmware All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). | 5.4 |
| 2019-07-22 | CVE-2019-3414 | Cross-site Scripting vulnerability in ZTE Otcp Firmware 1.19.20.02 All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. | 4.8 |
| 2019-07-11 | CVE-2019-3415 | Path Traversal vulnerability in ZTE Zxmw Nr8000 Firmware 2.4.4.03/2.4.4.04 ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. | 5.7 |
| 2019-06-11 | CVE-2019-3413 | Cross-site Scripting vulnerability in ZTE Netnumen DAP Firmware 20.18.40.R7.B1 All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. | 5.4 |
| 2018-12-28 | CVE-2018-7366 | Incorrect Authorization vulnerability in ZTE Zxv10 B860Av2.1 Chinamobile Firmware ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations. | 6.8 |
| 2018-11-16 | CVE-2018-7361 | NULL Pointer Dereference vulnerability in ZTE Zxhn F670 Firmware All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service. | 6.5 |
| 2018-11-16 | CVE-2018-7360 | Information Exposure vulnerability in ZTE Zxhn F670 Firmware All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service. | 6.5 |
| 2018-09-26 | CVE-2018-7355 | Cross-site Scripting vulnerability in ZTE Mf65 Firmware and Mf65M1 Firmware All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. | 6.1 |
| 2015-12-30 | CVE-2015-8703 | Information Exposure vulnerability in ZTE Zxhn H108N R1A Firmware and Zxv10 W300 Firmware ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248. | 6.5 |
| 2015-12-30 | CVE-2015-7252 | Cross-site Scripting vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter. | 6.1 |