Zte: Security Vulnerabilities
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-01-06
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.033
Published
2023-01-06
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.
CVSS Score
7.5
EPSS Score
0.115
Published
2022-12-12
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.
CVSS Score
6.5
EPSS Score
0.005
Published
2022-12-05
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
CVSS Score
8.8
EPSS Score
0.265
Published
2022-11-22
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-11-22
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
CVSS Score
9.8
EPSS Score
0.008
Published
2022-11-22
There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content.
CVSS Score
5.3
EPSS Score
0.004
Published
2022-11-08
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
CVSS Score
9.1
EPSS Score
0.007
Published
2022-09-23
ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible.
CVSS Score
5.3
EPSS Score
0.006
Published
2022-07-18