CVE-2020-6868 — MEDIUM (6.5)

Vulnerability Description

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Zte	F680 Firmware	zxhn_f680v9.0.10p1n6
Zte	F680	-

Related Weaknesses (CWE)

CWE-20

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012866Vendor Advisory
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012866Vendor Advisory

FAQ

What is CVE-2020-6868?

CVE-2020-6868 is a vulnerability with a CVSS score of 6.5 (MEDIUM). There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN con...

How severe is CVE-2020-6868?

CVE-2020-6868 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-6868?

Check the references section above for vendor advisories and patch information. Affected products include: Zte F680 Firmware, Zte F680.