CVE-2020-6871
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>
Affected (21)
Products: Zte: R8500g4 Firmware, R5500g4 Firmware, R5300g4 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 03.05.0020 |
| Running on/with | Platform Versions |
|---|---|
Zte R8500g4 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 03.06.0100 |
| Running on/with | Platform Versions |
|---|---|
Zte R5500g4 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 03.04.0020 |
| Running on/with | Platform Versions |
|---|---|
Zte R5300g4 | All versions |
References (2)
Source: psirt@zte.com.cn
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.