Vulnerabilites related to zte - zxhn_h108n
Vulnerability from fkie_nvd
Published
2019-11-13 23:15
Modified
2024-11-21 04:42
Severity ?
Summary
All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxhn_h108n_firmware | * | |
| zte | zxhn_h108n | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:zxhn_h108n_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "06D70B60-FAF2-4E29-B361-FD2A6A4B9FC5", versionEndIncluding: "2.5.0_eg1t5_ted", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*", matchCriteriaId: "6094FC9D-0E19-499B-8D3E-7C1BF5D7FEBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations.", }, { lang: "es", value: "Todas las versiones hasta V2.5.0_EG1T5_TED del producto ZTE ZXHN H108N se ven afectadas por una vulnerabilidad de fuga de información. Un atacante podría explotar la vulnerabilidad para obtener información confidencial y realizar operaciones no autorizadas.", }, ], id: "CVE-2019-3420", lastModified: "2024-11-21T04:42:03.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-13T23:15:11.637", references: [ { source: "psirt@zte.com.cn", tags: [ "Vendor Advisory", ], url: "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802", }, ], sourceIdentifier: "psirt@zte.com.cn", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-08-29 15:29
Modified
2024-11-21 02:36
Severity ?
Summary
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/566724 | Mitigation, Third Party Advisory, US Government Resource | |
| cret@cert.org | https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93 | Third Party Advisory | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/BLUU-A2NQYR | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/566724 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/BLUU-A2NQYR | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | ox-330p_firmware | - | |
| zte | ox-330p | - | |
| zte | zxhn_h108n_firmware | - | |
| zte | zxhn_h108n | - | |
| zte | w300v1.0.0s_zrd_tr1_d68_firmware | - | |
| zte | w300v1.0.0s_zrd_tr1_d68 | - | |
| zte | hg110_firmware | - | |
| zte | hg110 | - | |
| zte | gan9.8t101a-b_firmware | - | |
| zte | gan9.8t101a-b | - | |
| zte | mf28g_firmware | - | |
| zte | mf28g | - | |
| zte | zxhn_h108n_firmware | - | |
| zte | zxhn_h108n | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:ox-330p_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB20B496-6386-49B4-9103-45729D61F435", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:ox-330p:-:*:*:*:*:*:*:*", matchCriteriaId: "952793D7-1F57-42F3-9379-F9A31289E4AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A4D2542D-8293-415B-903E-2F21F0D76B1D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*", matchCriteriaId: "6094FC9D-0E19-499B-8D3E-7C1BF5D7FEBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:w300v1.0.0s_zrd_tr1_d68_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "499B358C-5391-4BD4-AE41-CF5FBE7275D7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:w300v1.0.0s_zrd_tr1_d68:-:*:*:*:*:*:*:*", matchCriteriaId: "913EF52F-FF31-4CC7-B875-4998D00C4DE2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:hg110_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "807D447D-DEC7-4C57-8DC2-6331CDF0E5D2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:hg110:-:*:*:*:*:*:*:*", matchCriteriaId: "D5230DF2-DBBB-4056-B4BD-582AD0E57452", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:gan9.8t101a-b_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ABF80049-ED6B-4161-AA35-1460E1EA7E50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:gan9.8t101a-b:-:*:*:*:*:*:*:*", matchCriteriaId: "1C73083E-D6FA-4AB2-8C21-22101232AC67", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:mf28g_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5C233563-DBCE-4DC5-B28C-C7EFABDB11D4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:mf28g:-:*:*:*:*:*:*:*", matchCriteriaId: "5EAFEC2D-3EBF-43D8-A662-A8D206A1E885", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A4D2542D-8293-415B-903E-2F21F0D76B1D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*", matchCriteriaId: "6094FC9D-0E19-499B-8D3E-7C1BF5D7FEBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.", }, { lang: "es", value: "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, y ZXHN H108N utilizan certificados X.509 no únicos y claves de host SSH, lo que puede permitir a los atacantes remotos que obtengan credenciales u otra información sensible a través de un ataque Man-in-the-Middle (MitM), un ataque de descifrado pasivo o mediante la suplantación de un dispositivo legítimo.", }, ], id: "CVE-2015-7255", lastModified: "2024-11-21T02:36:26.760", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-29T15:29:00.517", references: [ { source: "cret@cert.org", tags: [ "Mitigation", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/566724", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/566724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-13 16:15
Modified
2024-11-21 05:48
Severity ?
Summary
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxhn_h168n_firmware | 3.5.0_eg1t5_te | |
| zte | zxhn_h168n | - | |
| zte | zxhn_h108n_firmware | 2.5.5_btmt1 | |
| zte | zxhn_h108n | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:zxhn_h168n_firmware:3.5.0_eg1t5_te:*:*:*:*:*:*:*", matchCriteriaId: "504FD446-1E1A-45DD-AB20-38C665AB4E4E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:zxhn_h168n:-:*:*:*:*:*:*:*", matchCriteriaId: "391EB61C-0A7B-48A6-8BBD-944C848ACD10", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:zxhn_h108n_firmware:2.5.5_btmt1:*:*:*:*:*:*:*", matchCriteriaId: "02F52956-9DFE-4FB6-887D-130E762237DA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*", matchCriteriaId: "6094FC9D-0E19-499B-8D3E-7C1BF5D7FEBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1", }, { lang: "es", value: "Algunos productos ZTE presentan una vulnerabilidad de tipo CSRF. Debido a que algunas páginas presentan un fallo de verificación de valor aleatorio de CSRF, atacantes podrían llevar a cabo operaciones de autorización ilegales mediante la construcción de mensajes. Esto afecta a: ZXHN H168N versión V3.5.0_EG1T5_TE, versión V2.5.5, ZXHN H108N V2.5.5_BTMT1", }, ], id: "CVE-2021-21729", lastModified: "2024-11-21T05:48:53.660", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-13T16:15:12.373", references: [ { source: "psirt@zte.com.cn", tags: [ "Vendor Advisory", ], url: "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904", }, ], sourceIdentifier: "psirt@zte.com.cn", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-330", }, { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2019-3420
Vulnerability from cvelistv5
Published
2019-11-13 22:29
Modified
2024-08-04 19:12
Severity ?
EPSS score ?
Summary
All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ZXHN H108N |
Version: V2.5.0_EG1T5_TED |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:12:09.436Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ZXHN H108N", vendor: "n/a", versions: [ { status: "affected", version: "V2.5.0_EG1T5_TED", }, ], }, ], descriptions: [ { lang: "en", value: "All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations.", }, ], problemTypes: [ { descriptions: [ { description: "information leak", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-27T16:56:35", orgId: "6786b568-6808-4982-b61f-398b0d9679eb", shortName: "zte", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@zte.com.cn", ID: "CVE-2019-3420", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ZXHN H108N", version: { version_data: [ { version_value: "V2.5.0_EG1T5_TED", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "information leak", }, ], }, ], }, references: { reference_data: [ { name: "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802", refsource: "CONFIRM", url: "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011802", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6786b568-6808-4982-b61f-398b0d9679eb", assignerShortName: "zte", cveId: "CVE-2019-3420", datePublished: "2019-11-13T22:29:36", dateReserved: "2018-12-31T00:00:00", dateUpdated: "2024-08-04T19:12:09.436Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7255
Vulnerability from cvelistv5
Published
2017-08-29 15:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/566724 | third-party-advisory, x_refsource_CERT-VN | |
| https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93 | x_refsource_MISC | |
| https://www.kb.cert.org/vuls/id/BLUU-A2NQYR | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:43:46.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VU#566724", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/566724", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-25T00:00:00", descriptions: [ { lang: "en", value: "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-29T14:57:02", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "VU#566724", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/566724", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", }, { tags: [ "x_refsource_MISC", ], url: "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2015-7255", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "VU#566724", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/566724", }, { name: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", refsource: "MISC", url: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", }, { name: "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", refsource: "MISC", url: "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2015-7255", datePublished: "2017-08-29T15:00:00", dateReserved: "2015-09-18T00:00:00", dateUpdated: "2024-08-06T07:43:46.050Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-21729
Vulnerability from cvelistv5
Published
2021-04-13 15:13
Modified
2024-08-03 18:23
Severity ?
EPSS score ?
Summary
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ZXHN H168N,ZXHN H108N |
Version: V3.5.0_EG1T5_TE Version: V2.5.5_BTMT1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:23:29.233Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ZXHN H168N,ZXHN H108N", vendor: "n/a", versions: [ { status: "affected", version: "V3.5.0_EG1T5_TE", }, { status: "affected", version: "V2.5.5_BTMT1", }, ], }, ], descriptions: [ { lang: "en", value: "Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1", }, ], problemTypes: [ { descriptions: [ { description: "CSRF", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-13T15:13:26", orgId: "6786b568-6808-4982-b61f-398b0d9679eb", shortName: "zte", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@zte.com.cn", ID: "CVE-2021-21729", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ZXHN H168N,ZXHN H108N", version: { version_data: [ { version_value: "V3.5.0_EG1T5_TE", }, { version_value: "V2.5.5_BTMT1", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CSRF", }, ], }, ], }, references: { reference_data: [ { name: "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904", refsource: "MISC", url: "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6786b568-6808-4982-b61f-398b0d9679eb", assignerShortName: "zte", cveId: "CVE-2021-21729", datePublished: "2021-04-13T15:13:26", dateReserved: "2021-01-04T00:00:00", dateUpdated: "2024-08-03T18:23:29.233Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }