CVE-2020-6868
Summary
| CVE | CVE-2020-6868 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-06-01 13:15:00 UTC |
| Updated | 2020-12-04 22:15:00 UTC |
| Description | There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6 |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Zte | F680 | - | All | All | All |
| Hardware | Zte | F680 | - | All | All | All |
| Operating System | Zte | F680 Firmware | zxhn_f680v9.0.10p1n6 | All | All | All |
| Operating System | Zte | F680 Firmware | zxhn_f680v9.0.10p1n6 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletin Details | MISC | support.zte.com.cn | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.