CVE Vulnerability

CVE-2020-6868

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6

3.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.5 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012866 Vendor Advisory
Configurations

Configuration 1
Information

Published : 2020-06-01 01:15

Updated : 2020-12-04 10:15

NVD link : CVE-2020-6868

Mitre link : CVE-2020-6868

Products Affected
No products.
CWE
CWE-20