
CVE-2025-26705
https://notcve.org/view.php?id=CVE-2025-26705
11 Mar 2025 — Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/577084989971263576 • CWE-269: Improper Privilege Management

CVE-2025-26706
https://notcve.org/view.php?id=CVE-2025-26706
11 Mar 2025 — Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.07. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/6999218053484646486 • CWE-269: Improper Privilege Management

CVE-2025-26707
https://notcve.org/view.php?id=CVE-2025-26707
11 Mar 2025 — Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/6999218053484646470 • CWE-269: Improper Privilege Management

CVE-2025-26708 – ZTELink has a configuration defect vulnerability
https://notcve.org/view.php?id=CVE-2025-26708
07 Mar 2025 — There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5666152569221570580 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2024-22067 – ZTE NH8091 product has an improper permission control vulnerability
https://notcve.org/view.php?id=CVE-2024-22067
18 Nov 2024 — ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/6179526095692935173 • CWE-284: Improper Access Control

CVE-2024-22066
https://notcve.org/view.php?id=CVE-2024-22066
29 Oct 2024 — There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router. An authenticated attacker could use the vulnerability to obtain sensitive information about the device. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225590 • CWE-294: Authentication Bypass by Capture-replay

CVE-2024-22065 – ZTE MF258 Pro product has an OS Command injection vulnerability
https://notcve.org/view.php?id=CVE-2024-22065
29 Oct 2024 — There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225572 • CWE-20: Improper Input Validation

CVE-2024-22068 – Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router
https://notcve.org/view.php?id=CVE-2024-22068
10 Oct 2024 — Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series on 64 bit allows Functionality Bypass. This issue affects ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series: V4.00.10 and earlier. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5359853646778130472 • CWE-269: Improper Privilege Management

CVE-2022-39068 – Buffer Overflow Vulnerability in ZTE MF296R
https://notcve.org/view.php?id=CVE-2022-39068
18 Sep 2024 — There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1028984 • CWE-122: Heap-based Buffer Overflow

CVE-2024-45414
https://notcve.org/view.php?id=CVE-2024-45414
16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the webPrivateDecrypt function. This function is responsible for decrypting RSA-encrypted ciphertext; the encrypted data is supplied base64-encoded. The decoded ciphertext is stored on the stack without checking its length. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow