Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ZX10 1800-2S by ZTE

    CVE-2017-10931 (GCVE-0-2017-10931)

    Vulnerability from nvd – Published: 2017-09-19 14:00 – Updated: 2024-09-17 03:37
    VLAI
    Summary
    The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    ZTE ZX10 1800-2S Affected: All versions prior to V3.00.40
    Create a notification for this product.
    Date Public
    2017-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZX10 1800-2S",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to V3.00.40"
                }
              ]
            }
          ],
          "datePublic": "2017-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-19T13:57:01.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "DATE_PUBLIC": "2017-08-10T00:00:00",
              "ID": "CVE-2017-10931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZX10 1800-2S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to V3.00.40"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZTE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262",
                  "refsource": "MISC",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2017-10931",
        "datePublished": "2017-09-19T14:00:00.000Z",
        "dateReserved": "2017-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:37:33.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10930 (GCVE-0-2017-10930)

    Vulnerability from nvd – Published: 2017-09-19 14:00 – Updated: 2024-09-16 17:33
    VLAI
    Summary
    The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    ZTE ZX10 1800-2S Affected: All versions prior to V3.00.40
    Create a notification for this product.
    Date Public
    2017-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZX10 1800-2S",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to V3.00.40"
                }
              ]
            }
          ],
          "datePublic": "2017-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-19T13:57:01.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "DATE_PUBLIC": "2017-08-10T00:00:00",
              "ID": "CVE-2017-10930",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZX10 1800-2S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to V3.00.40"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZTE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262",
                  "refsource": "MISC",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2017-10930",
        "datePublished": "2017-09-19T14:00:00.000Z",
        "dateReserved": "2017-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:33:43.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10930 (GCVE-0-2017-10930)

    Vulnerability from cvelistv5 – Published: 2017-09-19 14:00 – Updated: 2024-09-16 17:33
    VLAI
    Summary
    The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    ZTE ZX10 1800-2S Affected: All versions prior to V3.00.40
    Create a notification for this product.
    Date Public
    2017-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZX10 1800-2S",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to V3.00.40"
                }
              ]
            }
          ],
          "datePublic": "2017-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-19T13:57:01.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "DATE_PUBLIC": "2017-08-10T00:00:00",
              "ID": "CVE-2017-10930",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZX10 1800-2S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to V3.00.40"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZTE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262",
                  "refsource": "MISC",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2017-10930",
        "datePublished": "2017-09-19T14:00:00.000Z",
        "dateReserved": "2017-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:33:43.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10931 (GCVE-0-2017-10931)

    Vulnerability from cvelistv5 – Published: 2017-09-19 14:00 – Updated: 2024-09-17 03:37
    VLAI
    Summary
    The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    ZTE ZX10 1800-2S Affected: All versions prior to V3.00.40
    Create a notification for this product.
    Date Public
    2017-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZX10 1800-2S",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to V3.00.40"
                }
              ]
            }
          ],
          "datePublic": "2017-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-19T13:57:01.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "DATE_PUBLIC": "2017-08-10T00:00:00",
              "ID": "CVE-2017-10931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZX10 1800-2S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to V3.00.40"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZTE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262",
                  "refsource": "MISC",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2017-10931",
        "datePublished": "2017-09-19T14:00:00.000Z",
        "dateReserved": "2017-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:37:33.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }