Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Zxhn H108n Firmware Security Vulnerabilities

cve
cve

CVE-2021-21729

Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N...

6.5CVSS

6.5AI Score

0.001EPSS

2021-04-13 04:15 PM
21
4
cve
cve

CVE-2019-3420

All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized...

6.5CVSS

6.2AI Score

0.001EPSS

2019-11-13 11:15 PM
32
cve
cve

CVE-2015-7255

ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or...

7.5CVSS

5.7AI Score

0.001EPSS

2017-08-29 03:29 PM
40
cve
cve

CVE-2015-8703

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than...

6.5CVSS

6.7AI Score

0.003EPSS

2015-12-30 05:59 AM
27
cve
cve

CVE-2015-7252

Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage...

6.1CVSS

7AI Score

0.002EPSS

2015-12-30 05:59 AM
24
cve
cve

CVE-2015-7251

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET...

9.8CVSS

9.3AI Score

0.007EPSS

2015-12-30 05:59 AM
49
cve
cve

CVE-2015-7250

Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage...

7.5CVSS

8.4AI Score

0.003EPSS

2015-12-30 05:59 AM
24
cve
cve

CVE-2015-7249

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd...

4.9CVSS

6.7AI Score

0.002EPSS

2015-12-30 05:59 AM
44
cve
cve

CVE-2015-7248

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than...

7.5CVSS

7.8AI Score

0.003EPSS

2015-12-30 05:59 AM
34