Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-6870

The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115

Published

2020-06-24T16:15:10.987

Last Modified

2024-11-21T05:36:19.710

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.0 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:P/I:P/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

5.1

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	netnumen_u31_r10_firmware	v12.17.20t115	Yes
Hardware	zte	netnumen_u31_r10	-	No

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013043 Vendor Advisory ([email protected])
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013043 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)