CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1776 matches found

ZTE MF971R - Referer authentication bypass

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click. id: CVE-2021-21745 info: name: ZTE MF971R - Referer authentication bypass...

4.3CVSS6.7AI score0.36406EPSS

Exploits0References4

Nuclei•added 2 days ago•56 views

ZTE Cable Modem Web Shell

ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to webshellcmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. id: CVE-2014-2321 info: name: ZTE Cable Modem Web Shell author:...

10CVSS7.2AI score0.9201EPSS

Exploits1References5

Exploit DB•added 6 days ago•39 views

ZTE ZXHN H188A V6 - Authentication Bypass

Exploit Title: ZTE ZXHN H188A V6 - Authentication Bypass Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link: https://github.com/minanagehsalalma/cve-2026-34472-auth-bypass-zte-h188a-router Version: ZXHN H188A V6.0.10P2TE,...

7.1CVSS5.8AI score0.00829EPSS

Exploits3

Exploit DB•added 6 days ago•26 views

ZTE Routers - Unauthenticated Denial of Service

Exploit Title: ZTE Routers - Unauthenticated Denial of Service Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link: https://github.com/minanagehsalalma/cve-2026-34473-unauthenticated-dos-zte-routers Version: Multiple ZTE router...

7.5CVSS5.8AI score0.01634EPSS

Exploits3

Exploit DB•added 6 days ago•36 views

ZTE H298A / H108N - Unauthenticated Credential Exposure

Exploit Title: ZTE H298A / H108N - Unauthenticated Credential Exposure via ETHCheat Parameter Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link:...

7.5CVSS5.8AI score0.01485EPSS

Exploits3

Vulnrichment•added 2026/05/27 8:19 a.m.•3 views

CVE-2026-49002 Broken Access Control Vulnerabily in ZTE ZXUniPOS NDS-LTE product

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information...

9.1CVSS5.8AI score0.0004EPSS

Exploits0References1

CVE•added 2026/05/27 8:19 a.m.•10 views

CVE-2026-49002

CVE-2026-49002 affects ZTE’s ZXUniPOS NDS-LTE product. The issue is a broken access control in the application that allows unauthorized users to access data beyond their permissions (e.g., viewing/modifying configuration information). CVSS metrics indicate a high-severity, network-exploitable fla...

9.1CVSS5.8AI score0.0004EPSS

Exploits0References1

Cvelist•added 2026/05/27 7:33 a.m.•22 views

CVE-2026-49001 Cross-Site Request Forgery (CSRF) vulnerability in ZTE ZXUniPOS NDS-LTE product

Cross-site request forgery CSRF vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data...

5.3CVSS0.00018EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 7:33 a.m.•3 views

CVE-2026-49001 Cross-Site Request Forgery (CSRF) vulnerability in ZTE ZXUniPOS NDS-LTE product

5.3CVSS5.8AI score0.00018EPSS

Exploits0References1

CVE•added 2026/05/27 7:33 a.m.•5 views

CVE-2026-49001

CVE-2026-49001 describes a CSRF vulnerability in the ZTE ZXUniPOS NDS-LTE product. The vulnerability allows an attacker to abuse a user’s authenticated session to forge unwanted requests, potentially tampering configuration data. According to the metrics, the exploit would have Network attack vec...

5.3CVSS5.8AI score0.00018EPSS

Exploits0References1

Cvelist•added 2026/05/27 3:38 a.m.•30 views

CVE-2026-49000 Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

7CVSS0.00031EPSS

Exploits0References1

CVE•added 2026/05/27 3:38 a.m.•11 views

CVE-2026-49000

Technical details (affected products, components, versions, exploit info) are not publicly available in the provided documents. Monitor for updates from NVD, the CVE List, and vendors.

7CVSS5.9AI score0.00031EPSS

Exploits0References1

CVE•added 2026/05/27 2:25 a.m.•5 views

CVE-2026-48999

CVE-2026-48999 affects the ZTE ZXUniPOS NDS-LTE product. It is a Stored Cross-Site Scripting (XSS) vulnerability where attacker-supplied scripts are stored and executed in a user’s browser when loading affected pages. Impacts stated include cookie theft, session hijacking, and page content tamper...

5.7CVSS5.9AI score0.00033EPSS

Exploits0References1

Cvelist•added 2026/05/27 2:25 a.m.•25 views

CVE-2026-48999 Stored Cross-Site Scripting (XSS) vulnerability in ZTE ZXUniPOS NDS-LTE product

Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser.Attackers can thereby steal user cookies, hijack session...

5.7CVSS0.00033EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 2:25 a.m.•4 views

CVE-2026-48999 Stored Cross-Site Scripting (XSS) vulnerability in ZTE ZXUniPOS NDS-LTE product

5.7CVSS5.9AI score0.00033EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•5 views

ZTE ZXUniPOS NDS-LTE 安全漏洞

ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has security vulnerabilities, which stem from unsafe password schemes. These include improper selection of encryption algorithms, inadequate key management, or defects in code...

7CVSS5.9AI score0.00031EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•3 views

ZTE ZXUniPOS NDS-LTE 安全漏洞

ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has a security vulnerability. This vulnerability stems from cross-site request forgery, which allows attackers to forge cross-site requests using authenticated user sessions, thereb...

5.3CVSS5.7AI score0.00018EPSS

Exploits0References2

CVE•added 2026/05/26 9:39 a.m.•16 views

CVE-2026-44410

Technical details for CVE-2026-44410 are not publicly available in the provided documents. Monitor for updates from the vendor and CVE records for any concrete impact, affected components, or remediation.

3.8CVSS5.8AI score0.0002EPSS

Exploits0References1

RedhatCVE•added 2026/05/26 8:12 a.m.•5 views

CVE-2026-34473

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...

7.5CVSS5.8AI score0.01634EPSS

Exploits3References1

RedhatCVE•added 2026/05/26 8:12 a.m.•7 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

7.5CVSS5.8AI score0.01485EPSS

Exploits3References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by