VAR-202007-1342
Vulnerability from variot - Updated: 2024-11-23 21:35
The server management software module of ZTE has a stored XSS vulnerability. An attacker can insert attack code through the foreground login page, which causes the predefined malicious script to execute in the user's browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>. Shenzhen Zhongxing Mobile Communication Co., Ltd. was established in 2002 and is headquartered in Shenzhen High-tech Industrial Park. It is a national high-tech enterprise. Attackers can use the vulnerability to obtain user cookie information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1342",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r5300g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.08.0100"
},
{
"model": "r8500g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.05.0020"
},
{
"model": "r5500g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.07.0100"
},
{
"model": "r8500g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.07.0103"
},
{
"model": "r5300g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.05.0044"
},
{
"model": "r5300g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.05.0046"
},
{
"model": "r5300g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.07.0300"
},
{
"model": "r5300g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.07.0100"
},
{
"model": "r8500g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.06.0100"
},
{
"model": "r8500g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.07.0101"
},
{
"model": "r5500g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.07.0200"
},
{
"model": "r5300g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.04.0020"
},
{
"model": "r5300g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.05.0040"
},
{
"model": "r5300g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.07.0200"
},
{
"model": "r5500g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.06.0100"
},
{
"model": "r5300g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.07.0108"
},
{
"model": "r5300g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.05.0045"
},
{
"model": "r8500g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.05.0400"
},
{
"model": "r5500g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.08.0100"
},
{
"model": "r5300g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.05.0043"
},
{
"model": "r5300g4",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "03.05.0047"
},
{
"model": "r5300g4",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "r5500g4",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "r8500g4",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "psirt r5300g4",
"scope": "eq",
"trust": 0.6,
"vendor": "zte mobile",
"version": "v03.08.0200"
},
{
"model": "psirt r8500g4",
"scope": "eq",
"trust": 0.6,
"vendor": "zte mobile",
"version": "v03.08.0200"
},
{
"model": "psirt r5500g4",
"scope": "eq",
"trust": 0.6,
"vendor": "zte mobile",
"version": "v03.08.0200"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-41508"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008224"
},
{
"db": "NVD",
"id": "CVE-2020-6872"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zte:r5300g4_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zte:r5500g4_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zte:r8500g4_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008224"
}
]
},
"cve": "CVE-2020-6872",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-6872",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008224",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-41508",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-6872",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008224",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-6872",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-008224",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-41508",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1317",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-41508"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008224"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1317"
},
{
"db": "NVD",
"id": "CVE-2020-6872"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects \u003cR5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100\u003e. Shenzhen Zhongxing Mobile Communication Co., Ltd. was established in 2002 and is headquartered in Shenzhen High-tech Industrial Park. It is a national high-tech enterprise. Attackers can use the vulnerability to obtain user cookie information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6872"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008224"
},
{
"db": "CNVD",
"id": "CNVD-2020-41508"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6872",
"trust": 3.0
},
{
"db": "ZTE",
"id": "1013203",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008224",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-41508",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1317",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-41508"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008224"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1317"
},
{
"db": "NVD",
"id": "CVE-2020-6872"
}
]
},
"id": "VAR-202007-1342",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-41508"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-41508"
}
]
},
"last_update_date": "2024-11-23T21:35:25.699000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "1013203",
"trust": 0.8,
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"
},
{
"title": "ZTE R5300G4 , R8500G4 and R5500G4 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124982"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008224"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1317"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008224"
},
{
"db": "NVD",
"id": "CVE-2020-6872"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1013203"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6872"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6872"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008224"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1317"
},
{
"db": "NVD",
"id": "CVE-2020-6872"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-41508"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008224"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1317"
},
{
"db": "NVD",
"id": "CVE-2020-6872"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-41508"
},
{
"date": "2020-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008224"
},
{
"date": "2020-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1317"
},
{
"date": "2020-07-20T18:15:12.623000",
"db": "NVD",
"id": "CVE-2020-6872"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-41508"
},
{
"date": "2020-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008224"
},
{
"date": "2020-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1317"
},
{
"date": "2024-11-21T05:36:19.900000",
"db": "NVD",
"id": "CVE-2020-6872"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1317"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE Cross-site scripting vulnerability in server management software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008224"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1317"
}
],
"trust": 0.6
}
}
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.