Two Vulnerabilities in a ZTE Router Product

Original release date: 27 February, 2020
 

CVE ID

CVE-2020-6863

CVE-2020-6864

 

CVSS 3.0 Base Score

CVE-2020-6863: 4.1 Medium (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)

CVE-2020-6864: 5.8 Medium (AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)

 

Description

CVE-2020-6863: The ZTE E8820V3 router is affected by a permission and access control vulnerability. An attacker could exploit it to tamper with DDNS parameters and launch DoS attacks against a specified URL.

CVE-2020-6864: The ZTE E8820V3 router is affected by an information leak vulnerability. An attacker could exploit it to obtain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router.

 

| Product Name | Affected Version | Resolved Version |
|---|---|---|
| ZTE E8820V3 | All versions up to V3.1.0.1000.4 | V3.1.0.1000.5 |

 

Source

The vulnerabilities were found by ZTE internal testing.

 

Update Records

27 February, 2020, initial.

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.