Statement of Vulnerability in ZTE E5600 Product

Original release date:  October 13, 2020

 

 

Statement

An external researcher Kim kwonyeop reported a vulnerability in the E5600 product to ZTE PSIRT.

After analysis, we confirmed that there is an XSS vulnerability in E5600 product V1.0.7 and earlier versions. Remote attackers could launch XSS attacks to obtain sensitive user information by injecting executable scripts into Web modules.

Since the E5600 product has been out of the market in August 2019, ZTE strongly recommends you to choose our later product E500 for better security.

 

Acknowledgement

Thanks to Kim kwonyeop for reporting the security vulnerability to ZTE PSIRT.

 

Update Records

October 13, 2020, initial.

November 16, 2020, Updated statement.
 

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.