Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for r5500g4_firmware by zte

    CVE-2020-6872 (GCVE-0-2020-6872)

    Vulnerability from nvd – Published: 2020-07-20 17:02 – Updated: 2024-08-04 09:11
    VLAI
    Summary
    The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    n/a <R5300G4?R8500G4?R5500G4> Affected: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020
    Affected: R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020
    Affected: R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:11:05.205Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "\u003cR5300G4?R8500G4?R5500G4\u003e",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"
                },
                {
                  "status": "affected",
                  "version": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"
                },
                {
                  "status": "affected",
                  "version": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-20T17:02:52.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "ID": "CVE-2020-6872",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "\u003cR5300G4?R8500G4?R5500G4\u003e",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"
                              },
                              {
                                "version_value": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"
                              },
                              {
                                "version_value": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203",
                  "refsource": "MISC",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2020-6872",
        "datePublished": "2020-07-20T17:02:52.000Z",
        "dateReserved": "2020-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:11:05.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6871 (GCVE-0-2020-6871)

    Vulnerability from nvd – Published: 2020-07-20 17:02 – Updated: 2024-08-04 09:11
    VLAI
    Summary
    The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>
    Severity
    No CVSS data available.
    CWE
    • authentication issues
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    n/a <R5300G4?R8500G4?R5500G4> Affected: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020
    Affected: R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020
    Affected: R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:11:05.146Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "\u003cR5300G4?R8500G4?R5500G4\u003e",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"
                },
                {
                  "status": "affected",
                  "version": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"
                },
                {
                  "status": "affected",
                  "version": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authentication issues",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-20T17:02:29.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "ID": "CVE-2020-6871",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "\u003cR5300G4?R8500G4?R5500G4\u003e",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"
                              },
                              {
                                "version_value": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"
                              },
                              {
                                "version_value": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authentication issues"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203",
                  "refsource": "MISC",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2020-6871",
        "datePublished": "2020-07-20T17:02:29.000Z",
        "dateReserved": "2020-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:11:05.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6872 (GCVE-0-2020-6872)

    Vulnerability from cvelistv5 – Published: 2020-07-20 17:02 – Updated: 2024-08-04 09:11
    VLAI
    Summary
    The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    n/a <R5300G4?R8500G4?R5500G4> Affected: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020
    Affected: R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020
    Affected: R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:11:05.205Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "\u003cR5300G4?R8500G4?R5500G4\u003e",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"
                },
                {
                  "status": "affected",
                  "version": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"
                },
                {
                  "status": "affected",
                  "version": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-20T17:02:52.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "ID": "CVE-2020-6872",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "\u003cR5300G4?R8500G4?R5500G4\u003e",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"
                              },
                              {
                                "version_value": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"
                              },
                              {
                                "version_value": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203",
                  "refsource": "MISC",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2020-6872",
        "datePublished": "2020-07-20T17:02:52.000Z",
        "dateReserved": "2020-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:11:05.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6871 (GCVE-0-2020-6871)

    Vulnerability from cvelistv5 – Published: 2020-07-20 17:02 – Updated: 2024-08-04 09:11
    VLAI
    Summary
    The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>
    Severity
    No CVSS data available.
    CWE
    • authentication issues
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    n/a <R5300G4?R8500G4?R5500G4> Affected: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020
    Affected: R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020
    Affected: R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:11:05.146Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "\u003cR5300G4?R8500G4?R5500G4\u003e",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"
                },
                {
                  "status": "affected",
                  "version": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"
                },
                {
                  "status": "affected",
                  "version": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "authentication issues",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-20T17:02:29.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "ID": "CVE-2020-6871",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "\u003cR5300G4?R8500G4?R5500G4\u003e",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"
                              },
                              {
                                "version_value": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"
                              },
                              {
                                "version_value": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "authentication issues"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203",
                  "refsource": "MISC",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2020-6871",
        "datePublished": "2020-07-20T17:02:29.000Z",
        "dateReserved": "2020-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:11:05.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }