Details of VAR-201610-0712

ID

VAR-201610-0712

TITLE

ZTE ZXECS EBG2800 has arbitrary file download vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-09053

DESCRIPTION

ZXECS EBG2800 is a converged communications product that integrates data, voice, security, behavior management and rich value-added business applications into a single system, providing various functions required by enterprises in a modular form. ZTE ZXECS EBG2800 'id' parameter has an arbitrary file download vulnerability. The vulnerability exists in the download.php file in the root directory of the website, allowing attackers to use the vulnerability to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2016-09053

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-09053

AFFECTED PRODUCTS

vendor:

zte

model:

zxecs ebg2800

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2016-09053

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-09053
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2016-09053
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-09053

PATCH

title:

ZTE ZXECS EBG2800 Arbitrary File Download Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/80557

Trust: 0.6

sources: CNVD: CNVD-2016-09053

EXTERNAL IDS

db:

CNVD

id:

CNVD-2016-09053

Trust: 0.6

sources: CNVD: CNVD-2016-09053

SOURCES

db:

CNVD

id:

CNVD-2016-09053

LAST UPDATE DATE

2022-05-04T09:11:45.713000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-09053

date:

2016-10-17T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2016-09053

date:

2016-10-03T00:00:00