FKIE_CVE-2020-6872

Vulnerability from fkie_nvd - Published: 2020-07-20 18:15 - Updated: 2026-06-17 03:23
Summary
The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>.
Impacted products
Vendor Product Version
zte r8500g4_firmware 03.05.0020
zte r8500g4_firmware 03.05.0400
zte r8500g4_firmware 03.06.0100
zte r8500g4_firmware 03.07.0101
zte r8500g4_firmware 03.07.0103
zte r8500g4 -
zte r5500g4_firmware 03.06.0100
zte r5500g4_firmware 03.07.0100
zte r5500g4_firmware 03.07.0200
zte r5500g4_firmware 03.08.0100
zte r5500g4 -
zte r5300g4_firmware 03.04.0020
zte r5300g4_firmware 03.05.0040
zte r5300g4_firmware 03.05.0043
zte r5300g4_firmware 03.05.0044
zte r5300g4_firmware 03.05.0045
zte r5300g4_firmware 03.05.0046
zte r5300g4_firmware 03.05.0047
zte r5300g4_firmware 03.07.0100
zte r5300g4_firmware 03.07.0108
zte r5300g4_firmware 03.07.0200
zte r5300g4_firmware 03.07.0300
zte r5300g4_firmware 03.08.0100
zte r5300g4 -

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "\u003cR5300G4?R8500G4?R5500G4\u003e",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"
            },
            {
              "status": "affected",
              "version": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"
            },
            {
              "status": "affected",
              "version": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e"
            }
          ]
        }
      ],
      "source": "psirt@zte.com.cn"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:r8500g4_firmware:03.05.0020:*:*:*:*:*:*:*",
              "matchCriteriaId": "427C281A-23B9-4798-8EB1-97ABEBFBBB46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r8500g4_firmware:03.05.0400:*:*:*:*:*:*:*",
              "matchCriteriaId": "30294BA9-C5BC-4751-A64D-2AD69813322A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r8500g4_firmware:03.06.0100:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E7A7130-A881-4D40-9EC9-816384B75A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r8500g4_firmware:03.07.0101:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE747C03-CBA0-4942-AF95-33F71200B353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r8500g4_firmware:03.07.0103:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7DD22DD-DA77-466D-B640-7910746795A7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:r8500g4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "30671825-122A-4F27-A8BF-5CEBEFA96A35",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:r5500g4_firmware:03.06.0100:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF90E703-40FB-4A54-B67E-8E2E06E44D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5500g4_firmware:03.07.0100:*:*:*:*:*:*:*",
              "matchCriteriaId": "9034CF8E-BB91-4385-A044-9041DB0E9081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5500g4_firmware:03.07.0200:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DF263BA-435F-44B1-8B64-F731D4812C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5500g4_firmware:03.08.0100:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1C40CD1-FC7D-4146-83DE-EDF6A37B0BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:r5500g4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F8F83DC-A10F-4AEA-BA76-14F9F0EA9D44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.04.0020:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCDBC33-A6FB-4A88-BC07-E1DB4E6B6CF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.05.0040:*:*:*:*:*:*:*",
              "matchCriteriaId": "E238D3DB-5AF0-4A53-81B3-BABB7AFFDA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.05.0043:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B845BC7-608E-4583-9D32-3F28FA069D6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.05.0044:*:*:*:*:*:*:*",
              "matchCriteriaId": "06246428-5693-4CF2-BEFE-0DAD52005A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.05.0045:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26029B1-BF93-4AEC-AC09-DCB77D423C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.05.0046:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA7123C8-26E4-44CE-9780-197C1D054236",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.05.0047:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0071FD6-B5A4-4959-A195-BE246DF0E28F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.07.0100:*:*:*:*:*:*:*",
              "matchCriteriaId": "D88DD18D-681D-4854-BD32-67EF17DD47DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.07.0108:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B3EB4B6-9649-4988-9FB8-3AF5BB4A4B0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.07.0200:*:*:*:*:*:*:*",
              "matchCriteriaId": "10446912-96D3-461E-8151-52C37EEA0863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.07.0300:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C07D7CC-E7FD-480C-B8C3-580BD8CBCA0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.08.0100:*:*:*:*:*:*:*",
              "matchCriteriaId": "32427DC0-A743-44A9-B001-CE7243F0F92F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:r5300g4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56E434E-DFE6-4CCC-A2EA-EBC25DA5F6D0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo del software de administraci\u00f3n del servidor de ZTE presenta una vulnerabilidad de tipo XSS almacenado. El atacante inserta algunos c\u00f3digos de ataque por medio de la p\u00e1gina de inicio de sesi\u00f3n en primer plano, lo que causar\u00e1 que un usuario ejecute un script malicioso predefinido en el navegador. Esto afecta a las versiones (R5300G4V03.08.0100/V03.07.0300/ V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/ V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.002043; R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/ V03.05.0020; R5500G4V03.08.0100/V03.07.0200/V03.07.0100/ V03.06.0100)"
    }
  ],
  "id": "CVE-2020-6872",
  "lastModified": "2026-06-17T03:23:57.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-20T18:15:12.623",
  "references": [
    {
      "source": "psirt@zte.com.cn",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
    }
  ],
  "sourceIdentifier": "psirt@zte.com.cn",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…