Zte: Security Vulnerabilities
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.
CVSS Score
7.7
EPSS Score
0.0
Published
2023-06-16
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-05-30
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-05-30
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-05-30
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-01-06
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.176
Published
2023-01-06
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.
CVSS Score
7.5
EPSS Score
0.02
Published
2022-12-12
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-12-05
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
CVSS Score
8.8
EPSS Score
0.511
Published
2022-11-22
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.
CVSS Score
6.5
EPSS Score
0.005
Published
2022-11-22