Zte: Security Vulnerabilities
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
CVSS Score
9.8
EPSS Score
0.008
Published
2022-11-22
There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content.
CVSS Score
5.3
EPSS Score
0.004
Published
2022-11-08
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
CVSS Score
9.1
EPSS Score
0.004
Published
2022-09-23
ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible.
CVSS Score
5.3
EPSS Score
0.004
Published
2022-07-18
ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-15
ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-06-09
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-05-12
ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-05-11
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
CVSS Score
5.4
EPSS Score
0.004
Published
2022-03-30
There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-02-24