Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-6871

The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>

Published

2020-07-20T18:15:12.513

Last Modified

2024-11-21T05:36:19.800

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-287
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System zte r8500g4_firmware 03.05.0020 Yes
Operating System zte r8500g4_firmware 03.05.0400 Yes
Operating System zte r8500g4_firmware 03.06.0100 Yes
Operating System zte r8500g4_firmware 03.07.0101 Yes
Operating System zte r8500g4_firmware 03.07.0103 Yes
Hardware zte r8500g4 - No
Operating System zte r5500g4_firmware 03.06.0100 Yes
Operating System zte r5500g4_firmware 03.07.0100 Yes
Operating System zte r5500g4_firmware 03.07.0200 Yes
Operating System zte r5500g4_firmware 03.08.0100 Yes
Hardware zte r5500g4 - No
Operating System zte r5300g4_firmware 03.04.0020 Yes
Operating System zte r5300g4_firmware 03.05.0040 Yes
Operating System zte r5300g4_firmware 03.05.0043 Yes
Operating System zte r5300g4_firmware 03.05.0044 Yes
Operating System zte r5300g4_firmware 03.05.0045 Yes
Operating System zte r5300g4_firmware 03.05.0046 Yes
Operating System zte r5300g4_firmware 03.05.0047 Yes
Operating System zte r5300g4_firmware 03.07.0100 Yes
Operating System zte r5300g4_firmware 03.07.0108 Yes
Operating System zte r5300g4_firmware 03.07.0200 Yes
Operating System zte r5300g4_firmware 03.07.0300 Yes
Operating System zte r5300g4_firmware 03.08.0100 Yes
Hardware zte r5300g4 - No
References