Zte: Security Vulnerabilities
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
CVSS Score
7.5
EPSS Score
0.518
Published
2020-02-20
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.
CVSS Score
5.3
EPSS Score
0.133
Published
2020-01-17
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-12-23
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system.
CVSS Score
4.9
EPSS Score
0.003
Published
2019-12-23
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access.
CVSS Score
9.8
EPSS Score
0.001
Published
2019-12-23
The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users’ information leakage.
CVSS Score
7.2
EPSS Score
0.005
Published
2019-11-22
The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-11-22
All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-13
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-11-08
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-11-08