CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-45414
https://notcve.org/view.php?id=CVE-2024-45414
16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checking its length. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-45413
https://notcve.org/view.php?id=CVE-2024-45413
16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-45415
https://notcve.org/view.php?id=CVE-2024-45415
16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2024-45416
https://notcve.org/view.php?id=CVE-2024-45416
16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using the function dofile without any validation if it is a valid session file or not. An attacker who is able to write a malicious file in the sessions directory can get RCE as root. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21729
https://notcve.org/view.php?id=CVE-2021-21729
13 Apr 2021 — Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1 Algunos productos ZTE presentan una vulnerabilidad de tipo CSRF. Debido a que algunas páginas presentan un fallo de verificación de valor aleatorio de CSRF, atacantes podrían llevar a cabo operaciones de autorización ilegales mediante la construcción d... • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904 • CWE-330: Use of Insufficiently Random Values CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3420
https://notcve.org/view.php?id=CVE-2019-3420
13 Nov 2019 — All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations. Todas las versiones hasta V2.5.0_EG1T5_TED del producto ZTE ZXHN H108N se ven afectadas por una vulnerabilidad de fuga de información. Un atacante podría explotar la vulnerabilidad para obtener información confidencial y realizar operaciones no autorizadas. • http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802 •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2015-7255
https://notcve.org/view.php?id=CVE-2015-7255
29 Aug 2017 — ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, y ZXHN H108N utilizan certificados X.509 no únicos y claves de host SSH, lo que puede permitir a los atac... • http://www.kb.cert.org/vuls/id/566724 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 3%CPEs: 4EXPL: 1CVE-2015-8703 – ZTE ZXHN H108N R1A / ZXV10 W300 Routers - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-8703
30 Dec 2015 — ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248. Dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE y dispositivos ZXV10 W300 en versiones anteriores aW300V1.0.0f_ER1_PE permiten a usuarios remotos autenticados eludir las restricciones d... • https://www.exploit-db.com/exploits/38773 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 17%CPEs: 2EXPL: 2CVE-2015-7248 – ZTE ZXHN H108N R1A / ZXV10 W300 Routers - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-7248
20 Nov 2015 — ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703. Dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE permite a atacantes remotos descubrir nombres de usuario y hashes de contraseñas leyendo el código fuente HTML cgi-bin/webproc, una vulnerabilidad diferente a CVE-2015-8703. ZTE ZXHN H108N R1A and ZXV10 W300 ... • https://packetstorm.news/files/id/134492 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 4%CPEs: 2EXPL: 2CVE-2015-7252 – ZTE ZXHN H108N R1A / ZXV10 W300 Routers - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-7252
20 Nov 2015 — Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter. Vulnerabilidad de XSS en cgi-bin/webproc en dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro errorpage. ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer fro... • https://packetstorm.news/files/id/134492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •