CVE-2020-6862
ZTE Router F602W - Captcha Bypass
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.
Las versiones V6.0.10P2T2 y V6.0.10P2T5 del producto F6x2W están afectadas por una vulnerabilidad de filtrado de información. Los usuarios no autorizados pueden iniciar sesión directamente para obtener información de la página sin ingresar un código de verificación.
The ZTE F602W router suffers from a CAPTCHA bypass vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-13 CVE Reserved
- 2020-01-17 CVE Published
- 2020-09-10 First Exploit
- 2024-08-04 CVE Updated
- 2024-10-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-669: Incorrect Resource Transfer Between Spheres
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/48801 | 2020-09-10 | |
| http://packetstormsecurity.com/files/159135/ZTE-F602W-CAPTCHA-Bypass.html | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162 | 2022-04-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zte Search vendor "Zte" | F6x2w Firmware Search vendor "Zte" for product "F6x2w Firmware" | 6.0.10p2t2 Search vendor "Zte" for product "F6x2w Firmware" and version "6.0.10p2t2" | - |
Affected
| in | Zte Search vendor "Zte" | F6x2w Search vendor "Zte" for product "F6x2w" | - | - |
Safe
|
| Zte Search vendor "Zte" | F6x2w Firmware Search vendor "Zte" for product "F6x2w Firmware" | 6.0.10p2t5 Search vendor "Zte" for product "F6x2w Firmware" and version "6.0.10p2t5" | - |
Affected
| in | Zte Search vendor "Zte" | F6x2w Search vendor "Zte" for product "F6x2w" | - | - |
Safe
|