A Security Vulnerability in a ZTE Product

Original release date: August 17, 2020

 

CVE ID

CVE-2020-6873  

 

CVSS 3.1 Base Score

5.3 Medium (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

 

Description

A ZTE product has a DoS vulnerability. Because the equipment could not distinguish attack packets from normal packets with valid HTTP links, a remote attacker could use this vulnerability to cause a denial of service in the equipment's WEB/TELNET module and leave the equipment out of management.

 

Affected Products and Fixes

Product Name | Affected Version | Resolved Version
ZXR10 2800-4_ALMPUFB(LOW) | All versions up to V3.00.40 | V4.00.10 or later

 

Credit

Thanks to Guo Chao of Elex Cybersecurity Inc. for reporting the vulnerability to ZTE PSIRT.

 
Update Records

August 17, 2020, initial.

 

Supporting team contacts

1.  ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2.  Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.