Vulnerability Monitor


CVE-2020-6872


The server management software module of ZTE has a stored XSS vulnerability. An attacker can insert attack code through the foreground login page, which causes the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>.


Published

2020-07-20T18:15:12.623

Last Modified

2024-11-21T05:36:19.900

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

  • Type: Primary
    CWE-79

Affected Vendors & Products

Type              Vendor  Product           Version/Range  Vulnerable?
Operating System  zte     r8500g4_firmware  03.05.0020     Yes
Operating System  zte     r8500g4_firmware  03.05.0400     Yes
Operating System  zte     r8500g4_firmware  03.06.0100     Yes
Operating System  zte     r8500g4_firmware  03.07.0101     Yes
Operating System  zte     r8500g4_firmware  03.07.0103     Yes
Hardware          zte     r8500g4           -              No
Operating System  zte     r5500g4_firmware  03.06.0100     Yes
Operating System  zte     r5500g4_firmware  03.07.0100     Yes
Operating System  zte     r5500g4_firmware  03.07.0200     Yes
Operating System  zte     r5500g4_firmware  03.08.0100     Yes
Hardware          zte     r5500g4           -              No
Operating System  zte     r5300g4_firmware  03.04.0020     Yes
Operating System  zte     r5300g4_firmware  03.05.0040     Yes
Operating System  zte     r5300g4_firmware  03.05.0043     Yes
Operating System  zte     r5300g4_firmware  03.05.0044     Yes
Operating System  zte     r5300g4_firmware  03.05.0045     Yes
Operating System  zte     r5300g4_firmware  03.05.0046     Yes
Operating System  zte     r5300g4_firmware  03.05.0047     Yes
Operating System  zte     r5300g4_firmware  03.07.0100     Yes
Operating System  zte     r5300g4_firmware  03.07.0108     Yes
Operating System  zte     r5300g4_firmware  03.07.0200     Yes
Operating System  zte     r5300g4_firmware  03.07.0300     Yes
Operating System  zte     r5300g4_firmware  03.08.0100     Yes
Hardware          zte     r5300g4           -              No

References