Zte Zte

Do you want an email whenever new security vulnerabilities are reported in any Zte product?

Products by Zte Sorted by Most Security Vulnerabilities since 2018

Zte Zxcloud Goldendata Vap3 vulnerabilities

Zte Zxin10 Cms2 vulnerabilities

Zte Evdc1 vulnerability

Zte Oscp1 vulnerability

Zte Usmartview1 vulnerability

Zte Zaip Aie1 vulnerability

Zte Zenic One R22b1 vulnerability

Zte Zxcdn1 vulnerability

Zte Zxcloud Irai1 vulnerability

Zte Zxin101 vulnerability

Zte Zxv10 W3001 vulnerability

By the Year

In 2024 there have been 0 vulnerabilities in Zte . Zte did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 1 5.30
2021 4 6.58
2020 4 6.23
2019 3 6.67
2018 2 8.50

It may take a day or so for new Zte vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Zte Security Vulnerabilities

There is a SQL injection vulnerability in ZTE ZAIP-AIE

CVE-2022-39069 5.3 - Medium - November 08, 2022

There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content.

SQL Injection

ZTE BigVideo analysis product has an input verification vulnerability

CVE-2021-21751 8.1 - High - December 27, 2021

ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.

ZTE BigVideo Analysis product has a privilege escalation vulnerability

CVE-2021-21750 7.8 - High - December 27, 2021

ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.

Improper Privilege Management

There is an information leak vulnerability in the message service app of a ZTE mobile phone

CVE-2021-21742 5.5 - Medium - September 25, 2021

There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.

The management system of ZXCDN is impacted by the information leak vulnerability

CVE-2021-21733 4.9 - Medium - May 19, 2021

The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02.

Information Disclosure

A ZTE product is impacted by an XSS vulnerability

CVE-2020-6876 5.4 - Medium - October 26, 2020

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04

XSS

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL

CVE-2020-12695 7.5 - High - June 08, 2020

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Incorrect Default Permissions

ZTE SDN controller platform is impacted by an information leakage vulnerability

CVE-2020-6865 6.5 - Medium - April 30, 2020

ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20.

Information Disclosure

ZTE's SDON controller is impacted by the resource management error vulnerability

CVE-2020-6867 5.5 - Medium - April 30, 2020

ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005.

Buffer Overflow

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability

CVE-2019-3429 5.3 - Medium - December 23, 2019

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information.

Insertion of Sensitive Information into Log File

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability

CVE-2019-3430 4.9 - Medium - December 23, 2019

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system.

Information Disclosure

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability

CVE-2019-3431 9.8 - Critical - December 23, 2019

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access.

Insufficiently Protected Credentials

All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may

CVE-2018-7365 7.2 - High - December 20, 2018

All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.

Untrusted Path

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability

CVE-2018-7364 9.8 - Critical - December 07, 2018

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.