21 matches found
EUVD-2017-2572
Malware in sbrugna...
EUVD-2017-2575
Malware in sbrugna...
EUVD-2020-28016
Malware in sbrugna...
CVE-2020-6874
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04...
ZTE ZXIPTV Cross-Site Scripting Vulnerability
ZTE ZXIPTV is a set-top box from ZTE ZTE. A cross-site scripting vulnerability exists in ZTE ZXIPTV EASP version 5.06.04.09, which stems from the application's lack of validation of user input data and filtering of input data. The vulnerability can be exploited by an attacker to trick a user into...
CVE-2020-6874
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04...
CVE-2020-6874
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04...
Design/Logic Flaw
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04...
CVE-2020-6874
Technical details (affected products, root cause, exact vulnerable component, and fixes) are not publicly provided in the connected documents. Monitor for updates from vendors/authorities.
CVE-2020-6874
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04...
ZTE ZXIPTV-EPG Java Deserialization Vulnerability
ZTE ZXIPTV-EPG A set-top box device from China's ZTE Corporation ZTE. A Java deserialization vulnerability exists in ZTE ZXIPTV-EPG versions prior to 5.09.02.02T4. The vulnerability stems from the server's use of the Apache Commons Collections ACC library in the Java RMI service used, and can be...
CVE-2017-10934
All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections ACC library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a...
CVE-2017-10934
All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections ACC library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a...
CVE-2017-10937
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information...
CVE-2017-10937
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information...
Deserialization of untrusted data
All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections ACC library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a...
Sql injection
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information...
CVE-2017-10937
CVE-2017-10937 affects ZTE ZXIPTV-UCM set‑top boxes; all versions prior to 2.01.05.09 are vulnerable to a SQL injection via the opertype parameter. This allows a remote attacker to execute arbitrary SQL and disclose database information. No exploitation details are provided in the source document...
CVE-2017-10937
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information...
CVE-2017-10934
This CVE (CVE-2017-10934) affects ZTE ZXIPTV-EPG prior to version 5.09.02.02T4. The issue stems from the Java RMI service using the Apache Commons Collections library, leading to Java deserialization vulnerabilities. An unauthenticated remote attacker could trigger code execution on the target ho...