Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for mf920_firmware by zte
CVE-2019-3412 (GCVE-0-2019-3412)
Vulnerability from cvelistv5 – Published: 2019-06-11 19:20 – Updated: 2024-08-04 19:12
VLAI
EPSS
VEX
Summary
All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces.
Severity
9.8 (Critical)
CWE
- Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://support.zte.com.cn/support/news/LoopholeIn… | x_refsource_CONFIRM |
Impacted products
Date Public
2019-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZTE MF920",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "All versions up to BD_R218V2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T19:20:32.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2019-3412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZTE MF920",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "All versions up to BD_R218V2.4"
}
]
}
}
]
},
"vendor_name": "ZTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2019-3412",
"datePublished": "2019-06-11T19:20:32.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3411 (GCVE-0-2019-3411)
Vulnerability from cvelistv5 – Published: 2019-06-11 19:19 – Updated: 2024-08-04 19:12
VLAI
EPSS
VEX
Summary
All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components.
Severity
8.1 (High)
CWE
- Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://support.zte.com.cn/support/news/LoopholeIn… | x_refsource_CONFIRM |
Impacted products
Date Public
2019-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZTE MF920",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "All versions up to BD_R218V2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T19:19:20.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2019-3411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZTE MF920",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "All versions up to BD_R218V2.4"
}
]
}
}
]
},
"vendor_name": "ZTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2019-3411",
"datePublished": "2019-06-11T19:19:20.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3412 (GCVE-0-2019-3412)
Vulnerability from nvd – Published: 2019-06-11 19:20 – Updated: 2024-08-04 19:12
VLAI
EPSS
VEX
Summary
All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces.
Severity
9.8 (Critical)
CWE
- Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://support.zte.com.cn/support/news/LoopholeIn… | x_refsource_CONFIRM |
Impacted products
Date Public
2019-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZTE MF920",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "All versions up to BD_R218V2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T19:20:32.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2019-3412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZTE MF920",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "All versions up to BD_R218V2.4"
}
]
}
}
]
},
"vendor_name": "ZTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2019-3412",
"datePublished": "2019-06-11T19:20:32.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3411 (GCVE-0-2019-3411)
Vulnerability from nvd – Published: 2019-06-11 19:19 – Updated: 2024-08-04 19:12
VLAI
EPSS
VEX
Summary
All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components.
Severity
8.1 (High)
CWE
- Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://support.zte.com.cn/support/news/LoopholeIn… | x_refsource_CONFIRM |
Impacted products
Date Public
2019-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZTE MF920",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "All versions up to BD_R218V2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T19:19:20.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2019-3411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZTE MF920",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "All versions up to BD_R218V2.4"
}
]
}
}
]
},
"vendor_name": "ZTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2019-3411",
"datePublished": "2019-06-11T19:19:20.000Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}