A Security Vulnerability in a ZTE Product

Initial release date:  November 5, 2020

  

CVE ID

CVE-2020-6877

 

CVSS 3.1 Base Score

6.3 Medium (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

 

Description

A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. 

 
Affected Products and Fixes

Product Name

Affected Version

Resolved Version

ZXA10 eODN

V2.3P2T1

V2.3.0.03

 

Source

The vulnerability was found by ZTE's internal test.

 

Update Records

 November 5, 2020, initial.

 

Supporting team contacts

1.  ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2.  Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.

[Close]