A Security Vulnerability in a ZTE Product

Original release date:  June 24, 2020

 

CVE ID

CVE-2020-6870

 

CVSS 3.1 Base Score

8.2 High AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

 

Description

The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment.

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

NetNumenU31R20

V12.17.20T115

V12.18.20T135

 

 
Source

The vulnerability was found by ZTE's internal test.

 
Update Records

June 24, 2020, initial.

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.

[Close]