CVE-2020-6881 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, which will cause the device to deny service. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zte	Zxhn E8810 Firmware	1.0.26
Zte	Zxhn E8810	-
Zte	Zxhn E8820 Firmware	1.1.3
Zte	Zxhn E8820	-
Zte	Zxhn E8822 Firmware	2.0.13
Zte	Zxhn E8822	-

Related Weaknesses (CWE)

CWE-346

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202Vendor Advisory
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202Vendor Advisory

FAQ

What is CVE-2020-6881?

CVE-2020-6881 is a vulnerability with a CVSS score of 7.5 (HIGH). ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQ...

How severe is CVE-2020-6881?

CVE-2020-6881 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-6881?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxhn E8810 Firmware, Zte Zxhn E8810, Zte Zxhn E8820 Firmware, Zte Zxhn E8820, Zte Zxhn E8822 Firmware.