Two Vulnerabilities in a ZTE Router Product

Original release date: 27 February, 2020
 

CVE ID

CVE-2020-6863

CVE-2020-6864

 

CVSS 3.0 Base Score

CVE-2020-6863 4.1 Medium (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)

CVE-2020-6864 5.8 Medium (AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)

 

Description

CVE-2020-6863: ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL.

CVE-2020-6864: ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router.

 

Product Name

Affected Version

Resolved Version

ZTE E8820V3

All versions up to V3.1.0.1000.4

V3.1.0.1000.5

 

Source

The vulnerabilities were found by ZTE internal testing.

 

Update Records

27 February, 2020, initial.

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.

[Close]