Lucene search
K

37 matches found

Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.74 views

ZTE Routers - Unauthenticated Denial of Service

Exploit Title: ZTE Routers - Unauthenticated Denial of Service Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link: https://github.com/minanagehsalalma/cve-2026-34473-unauthenticated-dos-zte-routers Version: Multiple ZTE router...

7.5CVSS5.8AI score0.02376EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/05/26 8:12 a.m.10 views

CVE-2026-34473

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...

7.5CVSS5.8AI score0.02376EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.75 views

📄 ZTE ZXHN H298A / H108N Credential Disclosure

A single unauthenticated HTTP GET to /getpage.lua?pid=1000&ETHCheat=1 on ZTE H298A or H108N routers returns the live administrator password OBJUSERINFOIDPassword1, WLAN PSK WLANPSKKeyPassphrase1, and SSID in plaintext HTML. A second endpoint exposes the device serial number. -----BEGIN SECURITY...

7.5CVSS5.8AI score0.24681EPSS
Exploits3
EUVD
EUVD
added 2026/05/06 9:31 p.m.9 views

EUVD-2026-27881

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...

7.5CVSS5.8AI score0.02376EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2026/05/06 12:0 a.m.9 views

CVE-2026-34473

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...

5.8AI score0.02376EPSS
Exploits3References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-28024

Malware in sbrugna...

7.5CVSS7.5AI score0.01221EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-28023

Malware in sbrugna...

7.5CVSS7.5AI score0.0058EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:34 a.m.4 views

CVE-2024-45415

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in checkdataintegrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksu...

9.8CVSS7.6AI score0.00483EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:34 a.m.8 views

CVE-2024-45413

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsadecrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RC...

8.1CVSS7AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:34 a.m.6 views

CVE-2024-45414

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...

9.8CVSS7.4AI score0.00483EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:6 a.m.7 views

CVE-2024-45416

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in sessioninit function. The session -LUA- files are stored in the directory /var/luasession, the function iterates on all files in this directory and executes them using the function dofile without any validation i...

8.1CVSS7.9AI score0.00561EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:30 p.m.6 views

CVE-2020-6881

ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, which will cause the device...

7.5CVSS7AI score0.0058EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:29 p.m.5 views

CVE-2020-6882

ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specifi...

7.5CVSS6.6AI score0.01221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/10 8:51 a.m.16 views

CVE-2024-22068 Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router

Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier...

6CVSS7AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/10 8:51 a.m.25 views

CVE-2024-22068 Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router

Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier...

6CVSS0.00224EPSS
Exploits0References1
NVD
NVD
added 2024/09/16 9:15 p.m.9 views

CVE-2024-45416

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in sessioninit function. The session -LUA- files are stored in the directory /var/luasession, the function iterates on all files in this directory and executes them using the function dofile without any validation i...

8.1CVSS0.00561EPSS
Exploits0References1
NVD
NVD
added 2024/09/16 9:15 p.m.11 views

CVE-2024-45415

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in checkdataintegrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksu...

9.8CVSS0.00483EPSS
Exploits0References1
NVD
NVD
added 2024/09/16 9:15 p.m.18 views

CVE-2024-45413

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsadecrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RC...

8.1CVSS0.0038EPSS
Exploits0References1
NVD
NVD
added 2024/09/16 9:15 p.m.10 views

CVE-2024-45414

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...

9.8CVSS0.00483EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/16 12:0 a.m.17 views

CVE-2024-45416

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in sessioninit function. The session -LUA- files are stored in the directory /var/luasession, the function iterates on all files in this directory and executes them using the function dofile without any validation i...

6.6AI score0.00561EPSS
Exploits0References1
Rows per page
Query Builder