CVE-2020-6872

CVSS V2 Medium 4.3 CVSS V3 Medium 6.1
Description
The server management software module of ZTE has a stored XSS vulnerability. An attacker can insert attack code through the foreground login page, which causes the predefined malicious script to execute in the user's browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>.
Overview
  • CVE ID
  • CVE-2020-6872
  • Assigner
  • psirt@zte.com.cn
  • Vulnerability Status
  • Analyzed
  • Published Date
  • 2020-07-20T18:15:12
  • Last Modified Date
  • 2020-07-24T14:01:40
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:zte:r8500g4_firmware:03.05.0020:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r8500g4_firmware:03.05.0400:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r8500g4_firmware:03.06.0100:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r8500g4_firmware:03.07.0101:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r8500g4_firmware:03.07.0103:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zte:r8500g4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zte:r5500g4_firmware:03.06.0100:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5500g4_firmware:03.07.0100:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5500g4_firmware:03.07.0200:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5500g4_firmware:03.08.0100:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zte:r5500g4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zte:r5300g4_firmware:03.04.0020:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5300g4_firmware:03.05.0040:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5300g4_firmware:03.05.0043:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5300g4_firmware:03.05.0044:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5300g4_firmware:03.05.0045:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5300g4_firmware:03.05.0046:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5300g4_firmware:03.05.0047:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5300g4_firmware:03.07.0100:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5300g4_firmware:03.07.0108:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5300g4_firmware:03.07.0200:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5300g4_firmware:03.07.0300:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:zte:r5300g4_firmware:03.08.0100:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zte:r5300g4:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Complexity
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Complexity
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 6.1
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.8
  • Impact Score
  • 2.7
References
History
Created Old Value New Value Data Type Notes
2022-05-10 16:39:52 Added to TrackCVE
2022-12-04 20:04:18 2020-07-20T18:15Z 2020-07-20T18:15:12 CVE Published Date updated
2022-12-04 20:04:18 2020-07-24T14:01:40 CVE Modified Date updated
2022-12-04 20:04:18 Analyzed Vulnerability Status updated