CVE-2020-6872 (GCVE-0-2020-6872)
Vulnerability from cvelistv5 – Published: 2020-07-20 17:02 – Updated: 2024-08-04 09:11
VLAI
Summary
The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>.
Severity
6.1 (Medium)
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://support.zte.com.cn/support/news/LoopholeIn… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | <R5300G4?R8500G4?R5500G4> |
Affected:
<R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020
Affected: R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020 Affected: R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100> |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:05.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\u003cR5300G4?R8500G4?R5500G4\u003e",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"
},
{
"status": "affected",
"version": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"
},
{
"status": "affected",
"version": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-20T17:02:52.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2020-6872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\u003cR5300G4?R8500G4?R5500G4\u003e",
"version": {
"version_data": [
{
"version_value": "\u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"
},
{
"version_value": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"
},
{
"version_value": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203",
"refsource": "MISC",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2020-6872",
"datePublished": "2020-07-20T17:02:52.000Z",
"dateReserved": "2020-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:11:05.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-6872",
"date": "2026-07-01",
"epss": "0.00744",
"percentile": "0.50193"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-6872\",\"sourceIdentifier\":\"psirt@zte.com.cn\",\"published\":\"2020-07-20T18:15:12.623\",\"lastModified\":\"2024-11-21T05:36:19.900\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo del software de administraci\u00f3n del servidor de ZTE presenta una vulnerabilidad de tipo XSS almacenado. El atacante inserta algunos c\u00f3digos de ataque por medio de la p\u00e1gina de inicio de sesi\u00f3n en primer plano, lo que causar\u00e1 que un usuario ejecute un script malicioso predefinido en el navegador. Esto afecta a las versiones (R5300G4V03.08.0100/V03.07.0300/ V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/ V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.002043; R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/ V03.05.0020; R5500G4V03.08.0100/V03.07.0200/V03.07.0100/ V03.06.0100)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r8500g4_firmware:03.05.0020:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"427C281A-23B9-4798-8EB1-97ABEBFBBB46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r8500g4_firmware:03.05.0400:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30294BA9-C5BC-4751-A64D-2AD69813322A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r8500g4_firmware:03.06.0100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E7A7130-A881-4D40-9EC9-816384B75A71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r8500g4_firmware:03.07.0101:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE747C03-CBA0-4942-AF95-33F71200B353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r8500g4_firmware:03.07.0103:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7DD22DD-DA77-466D-B640-7910746795A7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:r8500g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30671825-122A-4F27-A8BF-5CEBEFA96A35\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5500g4_firmware:03.06.0100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF90E703-40FB-4A54-B67E-8E2E06E44D50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5500g4_firmware:03.07.0100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9034CF8E-BB91-4385-A044-9041DB0E9081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5500g4_firmware:03.07.0200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DF263BA-435F-44B1-8B64-F731D4812C1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5500g4_firmware:03.08.0100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1C40CD1-FC7D-4146-83DE-EDF6A37B0BA3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:r5500g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F8F83DC-A10F-4AEA-BA76-14F9F0EA9D44\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5300g4_firmware:03.04.0020:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBCDBC33-A6FB-4A88-BC07-E1DB4E6B6CF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5300g4_firmware:03.05.0040:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E238D3DB-5AF0-4A53-81B3-BABB7AFFDA41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5300g4_firmware:03.05.0043:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B845BC7-608E-4583-9D32-3F28FA069D6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5300g4_firmware:03.05.0044:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06246428-5693-4CF2-BEFE-0DAD52005A61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5300g4_firmware:03.05.0045:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F26029B1-BF93-4AEC-AC09-DCB77D423C2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5300g4_firmware:03.05.0046:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7123C8-26E4-44CE-9780-197C1D054236\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5300g4_firmware:03.05.0047:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0071FD6-B5A4-4959-A195-BE246DF0E28F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5300g4_firmware:03.07.0100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D88DD18D-681D-4854-BD32-67EF17DD47DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5300g4_firmware:03.07.0108:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B3EB4B6-9649-4988-9FB8-3AF5BB4A4B0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5300g4_firmware:03.07.0200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10446912-96D3-461E-8151-52C37EEA0863\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5300g4_firmware:03.07.0300:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C07D7CC-E7FD-480C-B8C3-580BD8CBCA0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:r5300g4_firmware:03.08.0100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32427DC0-A743-44A9-B001-CE7243F0F92F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:r5300g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A56E434E-DFE6-4CCC-A2EA-EBC25DA5F6D0\"}]}]}],\"references\":[{\"url\":\"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203\",\"source\":\"psirt@zte.com.cn\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…