CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

01 Dec 2020 — A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. Because the device does not properly filter parameters, an attacker who sends malicious SQL statements can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20. • http://www.zxelink.com.cn/website/html/CommonContent.html?classify=news&id=43&menuID=20201126153313319 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 3.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

19 Nov 2020 — Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction in the front-end code can be bypassed by constructing a POST request message and sending it to the configuration interface that creates static routing rules. The web service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper with parameter values. • http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013922 • CWE-20: Improper Input Validation

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

05 Nov 2020 — A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1. • http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013843

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Oct 2020 — A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the web module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. The attacker could then use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04. • http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013782 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

05 Oct 2020 — A ZTE product is impacted by an improper access control vulnerability. Due to the lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access rights through brute-force attacks. This affects: • http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013643 • CWE-306: Missing Authentication for Critical Function

CVSS: 5.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

01 Sep 2020 — A ZTE product has a DoS vulnerability. Because the equipment cannot distinguish attack packets from normal packets with valid HTTP links, remote attackers could use this vulnerability to cause a denial of service in the equipment's WEB/TELNET module and leave the equipment out of management. This affects: ZXR10 2800-4_ALMPUFB(LOW), all versions up to V3.00.40. • http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013403

CVSS: 9.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

01 Sep 2020 — A ZTE product is impacted by a cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attacks or brute-force password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04. • http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013463 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm • CWE-522: Insufficiently Protected Credentials

CVSS: 6.1 | EPSS: 0% | CPEs: 24 | EXPL: 0

20 Jul 2020 — The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects

CVSS: 9.8 | EPSS: 0% | CPEs: 24 | EXPL: 0

20 Jul 2020 — The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: • http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203 • CWE-287: Improper Authentication

CVSS: 8.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

24 Jun 2020 — The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115. • http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013043