CVE-2020-6879

Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 19/11/2020 Updated: 02/12/2020

CVSS v2 Base Score: 2.7 | Impact Score: 2.9 | Exploitability Score: 5.1

CVSS v3 Base Score: 3.5 | Impact Score: 1.4 | Exploitability Score: 2.1

Vector: AV:A/AC:L/Au:S/C:N/I:P/A:N

Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zte zxhn z500 firmware v1.0.0.2b1.1000
zte zxhn f670l firmware v1.1.10p1n2e

CWE-20 http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013922 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-6879

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect