Filtered by vendor Zte Subscriptions
Total 178 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-23144 1 Zte 30 Zxa10 B700v7, Zxa10 B700v7 Firmware, Zxa10 B710c-a12 and 27 more 2025-05-22 9.1 Critical
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
CVE-2023-25644 1 Zte 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more 2025-05-22 6.5 Medium
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.
CVE-2025-46574 1 Zte 1 Zxcloud Goldendb 2025-05-12 4.1 Medium
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
CVE-2025-46575 1 Zte 1 Zxcloud Goldendb 2025-05-12 4.9 Medium
There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.
CVE-2025-46576 1 Zte 1 Zxcloud Goldendb 2025-05-12 5.4 Medium
There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content.
CVE-2025-46577 1 Zte 1 Zxcloud Goldendb 2025-05-12 6.5 Medium
There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.
CVE-2025-46578 1 Zte 1 Zxcloud Goldendb 2025-05-12 6.5 Medium
There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.
CVE-2025-46579 1 Zte 1 Zxcloud Goldendb 2025-05-12 8.4 High
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed.
CVE-2025-46580 1 Zte 1 Zxcloud Goldendb 2025-05-12 7.7 High
There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL.
CVE-2022-39069 1 Zte 1 Zaip-aie 2025-05-01 5.3 Medium
There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content.
CVE-2022-39070 1 Zte 4 Zxa10 C300m, Zxa10 C300m Firmware, Zxa10 C350m and 1 more 2025-04-29 9.8 Critical
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
CVE-2022-39067 1 Zte 2 Mf286r, Mf286r Firmware 2025-04-29 6.5 Medium
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.
CVE-2022-39066 1 Zte 2 Mf286r, Mf286r Firmware 2025-04-29 8.8 High
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
CVE-2022-23143 1 Zte 2 Otcp, Otcp Firmware 2025-04-24 6.5 Medium
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.
CVE-2022-45957 1 Zte 2 Zxhn-h108ns, Zxhn-h108ns Firmware 2025-04-22 7.5 High
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.
CVE-2017-16953 1 Zte 2 Zxdsl 831cii, Zxdsl 831cii Firmware 2025-04-20 N/A
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
CVE-2015-7258 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2025-04-20 N/A
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
CVE-2015-7255 1 Zte 12 Gan9.8t101a-b, Gan9.8t101a-b Firmware, Hg110 and 9 more 2025-04-20 N/A
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
CVE-2015-7259 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2025-04-20 N/A
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
CVE-2015-7257 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2025-04-20 N/A
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".