• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-23143
Otcp Firmware, Zte
Wf820+_lte_outdoor_cpe_firmware, Wf820+_lte_outdoor_cpe, Mf920_firmware, Mf920, Netnumen_dap_firmware, Netnumen_dap, Otcp_firmware, Otcp, Zxmw_nr8000_firmware, Zxmw_nr8000
2023-01-23
N/A
6.5 MEDIUM
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.
CVE-2022-23142
2022-07-23
N/A
5.3 MEDIUM
ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible.
CVE-2022-23141
2022-07-22
N/A
7.5 HIGH
ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.
CVE-2022-2314
2022-10-06
N/A
9.8 CRITICAL
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.
CVE-2022-23139
2022-05-23
N/A
8.8 HIGH
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
CVE-2022-23138
2022-06-15
N/A
7.5 HIGH
ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack.
CVE-2022-23137
2022-05-19
N/A
6.1 MEDIUM
ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered.
CVE-2022-23136
2022-04-07
N/A
5.4 MEDIUM
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
CVE-2022-23135
2022-03-08
N/A
6.5 MEDIUM
There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation.
CVE-2022-23134
2022-02-10
N/A
5.3 MEDIUM
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
« Previous 1 … 10,611 10,612 10,613 10,614 10,615 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE