CVE-2020-6868
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6
Existe una vulnerabilidad de validación de entrada en un producto terminal PON de ZTE, que soporta la creación de conexiones WAN a través de páginas de gestión WEB. El front-end limita la longitud del nombre de la conexión WAN que se crea, pero el proxy HTTP está disponible para ser utilizado para evitar la limitación. Un atacante puede explotar la vulnerabilidad para manipular el valor del parámetro. Esto afecta: ZTE F680 V9.0.10P1N6
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-13 CVE Reserved
- 2020-06-01 CVE Published
- 2024-03-03 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012866 | 2020-12-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zte Search vendor "Zte" | F680 Firmware Search vendor "Zte" for product "F680 Firmware" | zxhn_f680v9.0.10p1n6 Search vendor "Zte" for product "F680 Firmware" and version "zxhn_f680v9.0.10p1n6" | - |
Affected
| in | Zte Search vendor "Zte" | F680 Search vendor "Zte" for product "F680" | - | - |
Safe
|