This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Zte First view 2018-11-14
Product Zxhn h168n Firmware Last view 2021-06-10
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:zte:zxhn_h168n_firmware:2.2.0_pk1.2t2:*:*:*:*:*:*:* 3
cpe:2.3:o:zte:zxhn_h168n_firmware:2.2.0_pk1.2t5:*:*:*:*:*:*:* 3
cpe:2.3:o:zte:zxhn_h168n_firmware:2.2.0_pk11t:*:*:*:*:*:*:* 3
cpe:2.3:o:zte:zxhn_h168n_firmware:2.2.0_pk11t7:*:*:*:*:*:*:* 3
cpe:2.3:o:zte:zxhn_h168n_firmware:3.5.0_ty.t6:*:*:*:*:*:*:* 2
cpe:2.3:o:zte:zxhn_h168n_firmware:3.5.0_eg1t5_te:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
6.5 2021-06-10 CVE-2021-21735

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.
9.8 2021-04-13 CVE-2021-21730

A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6
6.5 2021-04-13 CVE-2021-21729

Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1
8.8 2018-11-14 CVE-2018-7358

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.
8.8 2018-11-14 CVE-2018-7357

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.

CWE : Common Weakness Enumeration

%idName
20% (1) CWE-352 Cross-Site Request Forgery (CSRF)
20% (1) CWE-330 Use of Insufficiently Random Values
20% (1) CWE-306 Missing Authentication for Critical Function
20% (1) CWE-287 Improper Authentication
20% (1) CWE-281 Improper Preservation of Permissions