CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-45414
https://notcve.org/view.php?id=CVE-2024-45414
16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checking its length. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-45413
https://notcve.org/view.php?id=CVE-2024-45413
16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-45415
https://notcve.org/view.php?id=CVE-2024-45415
16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2024-45416
https://notcve.org/view.php?id=CVE-2024-45416
16 Sep 2024 — The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using the function dofile without any validation if it is a valid session file or not. An attacker who is able to write a malicious file in the sessions directory can get RCE as root. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21735
https://notcve.org/view.php?id=CVE-2021-21735
10 Jun 2021 — A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. Un producto de ZTE tiene una vulnerabilidad de filtrado de información. Debido a una configuración inapropiada de los permisos, un atacante con permisos de usuario ordinarios podría explotar esta ... • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924 • CWE-281: Improper Preservation of Permissions •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21729
https://notcve.org/view.php?id=CVE-2021-21729
13 Apr 2021 — Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1 Algunos productos ZTE presentan una vulnerabilidad de tipo CSRF. Debido a que algunas páginas presentan un fallo de verificación de valor aleatorio de CSRF, atacantes podrían llevar a cabo operaciones de autorización ilegales mediante la construcción d... • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904 • CWE-330: Use of Insufficiently Random Values CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21730
https://notcve.org/view.php?id=CVE-2021-21730
13 Apr 2021 — A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6 Un producto ZTE está afectado por una vulnerabilidad de control de acceso inapropiado. El atacante podría explotar esta vulnerabilidad para acceder a la CLI por medio de ataques de fuerza bruta. Esto afecta a: ZXHN H168N versión V3.5.0_TY.T6 • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014864 •
CVSS: 8.8EPSS: 39%CPEs: 5EXPL: 2CVE-2018-7357 – ZTE ZXHN H168N - Improper Access Restrictions
https://notcve.org/view.php?id=CVE-2018-7357
14 Nov 2018 — ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. El producto ZTE ZXHN H168N en versiones V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 y V2.2.0_PK11T tiene una vulnerabilidad de control de acceso incorrecto, que podría permitir que un usuario no autorizado obenga acceso no autorizado. ZTE Home Gateway ZXHN H168N suffers from multiple access bypas... • https://packetstorm.news/files/id/150728 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 39%CPEs: 5EXPL: 2CVE-2018-7358 – ZTE ZXHN H168N - Improper Access Restrictions
https://notcve.org/view.php?id=CVE-2018-7358
14 Nov 2018 — ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. El producto ZTE ZXHN H168N en versiones V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 y V2.2.0_PK11T tiene una vulnerabilidad de control de cambios incorrecto, que podría permitir que un usuario no autorizado realice acciones no autorizadas. ZTE Home Gateway ZXHN H168N suffers from multiple ... • https://packetstorm.news/files/id/150728 • CWE-287: Improper Authentication •