|
Original release date: August 17, 2020 CVE ID CVE-2020-6873 CVSS 3.1 Base Score 5.3 Medium (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Description A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cause the equipment WEB/TELNET module denial of service and make the equipment be out of management. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZXR10 2800-4_ALMPUFB(LOW) | All versions up to V3.00.40 | V4.00.10 or later |
Credit Thanks to Guo Chao of Elex Cybersecurity Inc. for reporting the vulnerability to ZTE PSIRT.
Update Records August 17, 2020, initial. Supporting team contacts 1. ZTE GCSC hotline: 0755-26770800 800-830-1118 400-830-1118 2. Product forum at ZTE Support website. ZTE PSIRT If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
|