CVE-2020-6879

EPSS 0.04%
Veröffentlicht 19.11.2020 17:15:13
Zuletzt bearbeitet 21.11.2024 05:36:20
Quelle psirt@zte.com.cn
CVE-Watchlists
Login
Unerledigt
Login

Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zte ≫ Zxhn Z500 Firmware Versionv1.0.0.2b1.1000

Zte ≫ Zxhn Z500 Version-

Zte ≫ Zxhn F670l Firmware Versionv1.1.10p1n2e

Zte ≫ Zxhn F670l Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.125

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	2.1	1.4	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	2.7	5.1	2.9	AV:A/AC:L/Au:S/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013922

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-6879

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-6879

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-6879

EUVD