CVE-2024-45416
- EPSS 0.11%
- Published 16.09.2024 21:15:46
- Last modified 20.09.2024 12:31:20
The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them u...
CVE-2024-45413
- EPSS 0.13%
- Published 16.09.2024 21:15:45
- Last modified 20.09.2024 12:31:20
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking ...
CVE-2024-45414
- EPSS 0.25%
- Published 16.09.2024 21:15:45
- Last modified 20.09.2024 12:31:20
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded c...
CVE-2024-45415
- EPSS 0.21%
- Published 16.09.2024 21:15:45
- Last modified 20.09.2024 12:31:20
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request...
CVE-2021-21735
- EPSS 0.15%
- Published 10.06.2021 12:15:08
- Last modified 21.11.2024 05:48:54
A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentica...
CVE-2021-21729
- EPSS 0.12%
- Published 13.04.2021 16:15:12
- Last modified 21.11.2024 05:48:53
Some ZTE products have a CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages. This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_B...
CVE-2021-21730
- EPSS 0.33%
- Published 13.04.2021 16:15:12
- Last modified 21.11.2024 05:48:53
A ZTE product is impacted by an improper access control vulnerability. The attacker could exploit this vulnerability to access the CLI by brute force attacks. This affects: ZXHN H168N V3.5.0_TY.T6
CVE-2018-7357
- EPSS 39.17%
- Published 14.11.2018 15:29:02
- Last modified 21.11.2024 04:12:03
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T has an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.
CVE-2018-7358
- EPSS 31.99%
- Published 14.11.2018 15:29:02
- Last modified 21.11.2024 04:12:03
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T has an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.