CVE-2020-6868

Опубликовано: 01 июн. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6

Ссылки

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012866
Vendor Advisory
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012866
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:zte:f680_firmware:zxhn_f680v9.0.10p1n6:*:*:*:*:*:*:*

cpe:2.3:h:zte:f680:-:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.0006

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-5jf8-xj9j-425m

github

больше 3 лет назад

ZTE's PON terminal product is impacted by the access control vulnerability. Due to the system not performing correct access control on some program interfaces, an attacker could use this vulnerability to tamper with the program interface parameters to perform unauthenticated operations. This affects: <ZTE F680><V9.0.10P1N6>