CVE-2020-6862

Опубликовано: 17 янв. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Средний

Описание

V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.

Ссылки

http://packetstormsecurity.com/files/159135/ZTE-F602W-CAPTCHA-Bypass.html
Exploit
Third Party Advisory
VDB Entry
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162
Vendor Advisory
http://packetstormsecurity.com/files/159135/ZTE-F602W-CAPTCHA-Bypass.html
Exploit
Third Party Advisory
VDB Entry
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:zte:f6x2w_firmware:6.0.10p2t2:*:*:*:*:*:*:*

cpe:2.3:o:zte:f6x2w_firmware:6.0.10p2t5:*:*:*:*:*:*:*

cpe:2.3:h:zte:f6x2w:-:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13274

Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-669

Связанные уязвимости

GHSA-x239-hf9w-jv5x