CVE-2020-6874

Published: Sep 1, 2020Modified: Jun 17, 2026

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04.

Affected (1)

Products: Zte: Zxiptv Firmware

1 product

Zxiptv Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxiptv Firmware	Version zxiptv-web-pv5.09.08.04

Running on/with	Platform Versions
Zte Zxiptv	All versions

Related CWEs

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013463

Source: psirt@zte.com.cn

Vendor Advisory

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013463

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.