Original Release Date: May 8, 2020
CVE ID
CVE-2020-6868
CVSS 3.1 Base Score
3.5 Low (AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
Description
There is an input validation vulnerability in a ZTE PON terminal product that supports creating WAN connections through its web management pages. The front end limits the length of the WAN connection name being created, but an HTTP proxy can be used to bypass this limitation. An attacker can exploit the vulnerability to tamper with the parameter value.
Affected Products and Fixes
| Product Name | Affected Version | Resolved Version |
|---|---|---|
| ZTE F680 | ZXHN F680V9.0.10P1N6 | ZXHN F680V9.0.10P1N5D_release |
Source
The vulnerability was found by ZTE's internal test.
Update Records
May 8, 2020: initial.
November 23, 2020: modified the description.
Supporting team contacts
1. ZTE GCSC hotline:
0755-26770800
800-830-1118
400-830-1118
2. Product forum at ZTE Support website.
ZTE PSIRT
If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.