CVE-2020-6879

Published: Nov 19, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.

Vendor	Product	Versions
n/a	ZXHN Z500	affected `Affects: V1.0.0.2B1.1000` affected `Fixed: V1.0.1.1B1.1000`
n/a	ZXHN F670L	affected `Affects: V1.1.10P1N2E` affected `Fixed: V1.1.10P2N2`

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013922

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-6879

Description

Affected Products

References