Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveZteCVE-2020-6871
HistoryJul 20, 2020 - 6:15 p.m.

CVE-2020-6871

2020-07-2018:15:12
CWE-287
zte
web.nvd.nist.gov
38
1
zte
server management
authentication issue
vulnerability
command execution
nvd
cve-2020-6871

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON

The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>

Affected configurations

Nvd
Node
zter8500g4Match-
AND
zter8500g4_firmwareMatch03.05.0020
OR
zter8500g4_firmwareMatch03.05.0400
OR
zter8500g4_firmwareMatch03.06.0100
OR
zter8500g4_firmwareMatch03.07.0101
OR
zter8500g4_firmwareMatch03.07.0103
Node
zter5500g4Match-
AND
zter5500g4_firmwareMatch03.06.0100
OR
zter5500g4_firmwareMatch03.07.0100
OR
zter5500g4_firmwareMatch03.07.0200
OR
zter5500g4_firmwareMatch03.08.0100
Node
zter5300g4Match-
AND
zter5300g4_firmwareMatch03.04.0020
OR
zter5300g4_firmwareMatch03.05.0040
OR
zter5300g4_firmwareMatch03.05.0043
OR
zter5300g4_firmwareMatch03.05.0044
OR
zter5300g4_firmwareMatch03.05.0045
OR
zter5300g4_firmwareMatch03.05.0046
OR
zter5300g4_firmwareMatch03.05.0047
OR
zter5300g4_firmwareMatch03.07.0100
OR
zter5300g4_firmwareMatch03.07.0108
OR
zter5300g4_firmwareMatch03.07.0200
OR
zter5300g4_firmwareMatch03.07.0300
OR
zter5300g4_firmwareMatch03.08.0100
VendorProductVersionCPE
zter8500g4-cpe:2.3:h:zte:r8500g4:-:*:*:*:*:*:*:*
zter8500g4_firmware03.05.0020cpe:2.3:o:zte:r8500g4_firmware:03.05.0020:*:*:*:*:*:*:*
zter8500g4_firmware03.05.0400cpe:2.3:o:zte:r8500g4_firmware:03.05.0400:*:*:*:*:*:*:*
zter8500g4_firmware03.06.0100cpe:2.3:o:zte:r8500g4_firmware:03.06.0100:*:*:*:*:*:*:*
zter8500g4_firmware03.07.0101cpe:2.3:o:zte:r8500g4_firmware:03.07.0101:*:*:*:*:*:*:*
zter8500g4_firmware03.07.0103cpe:2.3:o:zte:r8500g4_firmware:03.07.0103:*:*:*:*:*:*:*
zter5500g4-cpe:2.3:h:zte:r5500g4:-:*:*:*:*:*:*:*
zter5500g4_firmware03.06.0100cpe:2.3:o:zte:r5500g4_firmware:03.06.0100:*:*:*:*:*:*:*
zter5500g4_firmware03.07.0100cpe:2.3:o:zte:r5500g4_firmware:03.07.0100:*:*:*:*:*:*:*
zter5500g4_firmware03.07.0200cpe:2.3:o:zte:r5500g4_firmware:03.07.0200:*:*:*:*:*:*:*
Rows per page:
1-10 of 241

CNA Affected

[
  {
    "product": "<R5300G4?R8500G4?R5500G4>",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "<R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"
      },
      {
        "status": "affected",
        "version": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"
      },
      {
        "status": "affected",
        "version": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>."
      }
    ]
  }
]

Social References

More

Related

prion 1
cvelist 1
nvd 1
prion
prion
Authentication flaw
2020-07-20 18:15:00
cvelist
cvelist
CVE-2020-6871
2020-07-20 17:02:29
nvd
nvd
CVE-2020-6871
2020-07-20 18:15:12

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON
Related for CVE-2020-6871
prion1cvelist1nvd1