FKIE_CVE-2020-6867
Vulnerability from fkie_nvd - Published: 2020-04-30 22:15 - Updated: 2026-06-17 03:23
Severity
Summary
ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zenic_one_r22b | 6.19.10p02sp005 | |
| zte | zenic_one_r22b | 16.19.10p02sp002 |
{
"affected": [
{
"affectedData": [
{
"product": "ZENIC ONE R22b",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V16.19.10P02SP002"
},
{
"status": "affected",
"version": "V16.19.10P02SP005"
}
]
}
],
"source": "psirt@zte.com.cn"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zte:zenic_one_r22b:6.19.10p02sp005:*:*:*:*:*:*:*",
"matchCriteriaId": "F5876A67-E2FB-4847-AD2F-0D013CE9ADDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zte:zenic_one_r22b:16.19.10p02sp002:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8E7293-C414-4694-B629-FD8AEC8F171F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZTE\u0027s SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005."
},
{
"lang": "es",
"value": "El controlador SDON de ZTE est\u00e1 afectado por una vulnerabilidad de error de administraci\u00f3n de los recursos. Cuando RPC es frecuentemente llamado por otras aplicaciones en el caso de datos de tr\u00e1fico masivo en el sistema, resultar\u00eda en no responder por un largo tiempo y un riesgo de desbordamiento de memoria. Esto afecta a: ZENIC ONE R22b versiones V16.19.10P02SP002 y V16.19.10P02SP005."
}
],
"id": "CVE-2020-6867",
"lastModified": "2026-06-17T03:23:56.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-30T22:15:12.247",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012842"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…