Search criteria
9 vulnerabilities by ZTE Corporation
CVE-2020-6864 (GCVE-0-2020-6864)
Vulnerability from cvelistv5 – Published: 2020-02-27 16:48 – Updated: 2024-08-04 09:11
VLAI?
Summary
ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router.
Severity ?
No CVSS data available.
CWE
- information leak
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE Corporation | E8820V3 |
Affected:
All versions up to V3.1.0.1000.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:05.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E8820V3",
"vendor": "ZTE Corporation",
"versions": [
{
"status": "affected",
"version": "All versions up to V3.1.0.1000.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-27T16:48:37.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2020-6864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E8820V3",
"version": {
"version_data": [
{
"version_value": "All versions up to V3.1.0.1000.4"
}
]
}
}
]
},
"vendor_name": "ZTE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2020-6864",
"datePublished": "2020-02-27T16:48:37.000Z",
"dateReserved": "2020-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:11:05.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6863 (GCVE-0-2020-6863)
Vulnerability from cvelistv5 – Published: 2020-02-27 16:48 – Updated: 2024-08-04 09:11
VLAI?
Summary
ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL.
Severity ?
No CVSS data available.
CWE
- permission and access control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE Corporation | E8820V3 |
Affected:
All versions up to V3.1.0.1000.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:05.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E8820V3",
"vendor": "ZTE Corporation",
"versions": [
{
"status": "affected",
"version": "All versions up to V3.1.0.1000.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "permission and access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-27T16:48:05.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2020-6863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E8820V3",
"version": {
"version_data": [
{
"version_value": "All versions up to V3.1.0.1000.4"
}
]
}
}
]
},
"vendor_name": "ZTE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "permission and access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2020-6863",
"datePublished": "2020-02-27T16:48:05.000Z",
"dateReserved": "2020-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:11:05.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6862 (GCVE-0-2020-6862)
Vulnerability from cvelistv5 – Published: 2020-01-17 17:47 – Updated: 2024-08-04 09:11
VLAI?
Summary
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.
Severity ?
No CVSS data available.
CWE
- information leak
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE Corporation | F6x2W |
Affected:
V6.0.10P2T2?V6.0.10P2T5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:05.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159135/ZTE-F602W-CAPTCHA-Bypass.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F6x2W",
"vendor": "ZTE Corporation",
"versions": [
{
"status": "affected",
"version": "V6.0.10P2T2?V6.0.10P2T5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-11T16:07:01.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159135/ZTE-F602W-CAPTCHA-Bypass.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2020-6862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F6x2W",
"version": {
"version_data": [
{
"version_value": "V6.0.10P2T2?V6.0.10P2T5"
}
]
}
}
]
},
"vendor_name": "ZTE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162"
},
{
"name": "http://packetstormsecurity.com/files/159135/ZTE-F602W-CAPTCHA-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159135/ZTE-F602W-CAPTCHA-Bypass.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2020-6862",
"datePublished": "2020-01-17T17:47:16.000Z",
"dateReserved": "2020-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:11:05.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3424 (GCVE-0-2019-3424)
Vulnerability from cvelistv5 – Published: 2019-11-18 18:20 – Updated: 2024-08-04 19:12
VLAI?
Summary
authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations.
Severity ?
No CVSS data available.
CWE
- Authentication Issues
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE Corporation | C520V21 |
Affected:
All versions up to V2.1.14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "C520V21",
"vendor": "ZTE Corporation",
"versions": [
{
"status": "affected",
"version": "All versions up to V2.1.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Issues",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-18T18:20:23.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2019-3424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "C520V21",
"version": {
"version_data": [
{
"version_value": "All versions up to V2.1.14"
}
]
}
}
]
},
"vendor_name": "ZTE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2019-3424",
"datePublished": "2019-11-18T18:20:23.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3423 (GCVE-0-2019-3423)
Vulnerability from cvelistv5 – Published: 2019-11-18 18:19 – Updated: 2024-08-04 19:12
VLAI?
Summary
permission and access control vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access to other unauthorized files or resources.
Severity ?
No CVSS data available.
CWE
- Permission and Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE Corporation | C520V21 |
Affected:
All versions up to V2.1.14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "C520V21",
"vendor": "ZTE Corporation",
"versions": [
{
"status": "affected",
"version": "All versions up to V2.1.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "permission and access control vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access to other unauthorized files or resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Permission and Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-18T18:19:44.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2019-3423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "C520V21",
"version": {
"version_data": [
{
"version_value": "All versions up to V2.1.14"
}
]
}
}
]
},
"vendor_name": "ZTE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "permission and access control vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access to other unauthorized files or resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permission and Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2019-3423",
"datePublished": "2019-11-18T18:19:44.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3426 (GCVE-0-2019-3426)
Vulnerability from cvelistv5 – Published: 2019-11-08 18:29 – Updated: 2024-08-04 19:12
VLAI?
Summary
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.
Severity ?
No CVSS data available.
CWE
- input validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE Corporation | ZXUPN-9000E |
Affected:
All versions up to 9000EV5.0R1B12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011683"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXUPN-9000E",
"vendor": "ZTE Corporation",
"versions": [
{
"status": "affected",
"version": "All versions up to 9000EV5.0R1B12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-08T18:29:03.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011683"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2019-3426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXUPN-9000E",
"version": {
"version_data": [
{
"version_value": "All versions up to 9000EV5.0R1B12"
}
]
}
}
]
},
"vendor_name": "ZTE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011683",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011683"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2019-3426",
"datePublished": "2019-11-08T18:29:03.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3425 (GCVE-0-2019-3425)
Vulnerability from cvelistv5 – Published: 2019-11-08 18:28 – Updated: 2024-08-04 19:12
VLAI?
Summary
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.
Severity ?
No CVSS data available.
CWE
- permission and access control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE Corporation | ZXUPN-9000E |
Affected:
All versions up to 9000EV5.0R1B12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011683"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXUPN-9000E",
"vendor": "ZTE Corporation",
"versions": [
{
"status": "affected",
"version": "All versions up to 9000EV5.0R1B12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "permission and access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-08T18:28:27.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011683"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2019-3425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXUPN-9000E",
"version": {
"version_data": [
{
"version_value": "All versions up to 9000EV5.0R1B12"
}
]
}
}
]
},
"vendor_name": "ZTE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "permission and access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011683",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011683"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2019-3425",
"datePublished": "2019-11-08T18:28:27.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3421 (GCVE-0-2019-3421)
Vulnerability from cvelistv5 – Published: 2019-10-31 15:27 – Updated: 2024-08-04 19:12
VLAI?
Summary
The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE Corporation | ZX297520V3 |
Affected:
All versions up to 7520V3V1.0.0B09P27
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZX297520V3",
"vendor": "ZTE Corporation",
"versions": [
{
"status": "affected",
"version": "All versions up to\u00a07520V3V1.0.0B09P27"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T15:27:46.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2019-3421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZX297520V3",
"version": {
"version_data": [
{
"version_value": "All versions up to\u00a07520V3V1.0.0B09P27"
}
]
}
}
]
},
"vendor_name": "ZTE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011643",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2019-3421",
"datePublished": "2019-10-31T15:27:46.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3419 (GCVE-0-2019-3419)
Vulnerability from cvelistv5 – Published: 2019-10-31 15:22 – Updated: 2024-08-04 19:12
VLAI?
Summary
A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service.
Severity ?
No CVSS data available.
CWE
- Resource Management Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE Corporation | ZXMP M721 DX |
Affected:
ZXMP M721V3.10P01B10_M2NCP
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011542"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXMP M721 DX",
"vendor": "ZTE Corporation",
"versions": [
{
"status": "affected",
"version": "ZXMP M721V3.10P01B10_M2NCP"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability exists in a management port in the version of ZTE\u0027s ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Resource Management Error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T15:22:19.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011542"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2019-3419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXMP M721 DX",
"version": {
"version_data": [
{
"version_value": "ZXMP M721V3.10P01B10_M2NCP"
}
]
}
}
]
},
"vendor_name": "ZTE Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability exists in a management port in the version of ZTE\u0027s ZXMP M721V3.10P01B10_M2NCP. An attacker could exploit this vulnerability to build a link to the device and send specific packets to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Management Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011542",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011542"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2019-3419",
"datePublished": "2019-10-31T15:22:19.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}