
CVSS: 9.0 • EPSS: 0% • CPEs: 10 • EXPL: 0

16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the rsa_decrypt function. This function is an API wrapper that lets Lua decrypt RSA-encrypted ciphertext; the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •

CVSS: 10.0 • EPSS: 0% • CPEs: 10 • EXPL: 0

16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the webPrivateDecrypt function. This function is responsible for decrypting RSA-encrypted ciphertext, which is supplied base64-encoded. The decoded ciphertext is stored on the stack without checking its length. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •

CVSS: 8.1 • EPSS: 0% • CPEs: 10 • EXPL: 0

16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in the session_init function. The session files, which are Lua files, are stored in the directory /var/lua_session. The function iterates over all files in this directory and executes them with the dofile function without validating whether each one is a valid session file. An attacker who is able to write a malicious file to the sessions directory can get RCE as root. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 10.0 • EPSS: 0% • CPEs: 10 • EXPL: 0

16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the check_data_integrity function. This function is responsible for validating the checksum of the data in a POST request. The checksum is sent encrypted in the request; the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Aug 2024 — There is a permission and access control vulnerability in ZTE's ZXV10 XT802/ET301 product. Attackers with common permissions can log in to the terminal web and illegally change the administrator's password by intercepting requests to change the passwords. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1036424 • CWE-269: Improper Privilege Management •

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jun 2024 — There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking, attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844 • CWE-281: Improper Preservation of Permissions •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 May 2024 — The ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, in its default configuration uses a set of non-unique cryptographic keys when establishing a secure connection (IKE) with mobile devices connecting over the internet. If the set of keys is leaked or cracked, the user session information using the keys may be leaked. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035524 • CWE-1051: Initialization with Hard-Coded Network Resource Configuration Data •

CVSS: 3.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Apr 2024 — An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. • https://github.com/AcademySoftwareFoundation/openexr/issues/1680 • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.0 • EPSS: 0% • CPEs: 41 • EXPL: 0

05 Apr 2024 — A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the syst... • http://www.openwall.com/lists/oss-security/2024/04/03/13 • CWE-416: Use After Free •

CVSS: 8.0 • EPSS: 0% • CPEs: 41 • EXPL: 0

04 Apr 2024 — A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a c... • http://www.openwall.com/lists/oss-security/2024/04/03/13 • CWE-126: Buffer Over-read •