Details of VAR-202001-1713

ID

VAR-202001-1713

CVE

CVE-2020-6862

TITLE

F6x2W Information disclosure vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-001501

DESCRIPTION

V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code. ZTE Router is a wireless router equipment of ZTE Corporation. Unauthorized attackers can use vulnerabilities to obtain sensitive information about affected components

Trust: 2.16

sources: NVD: CVE-2020-6862 // JVNDB: JVNDB-2020-001501 // CNVD: CNVD-2020-52032

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-52032

AFFECTED PRODUCTS

vendor:	zte	model:	f6x2w	scope:	eq	version:	6.0.10p2t5	Trust: 1.0
vendor:	zte	model:	f6x2w	scope:	eq	version:	6.0.10p2t2	Trust: 1.0
vendor:	zte	model:	f6x2w	scope:	eq	version:	-	Trust: 0.8
vendor:	zte	model:	f6x2w	scope:	eq	version:	f6x2w firmware 6.0.10p2t2	Trust: 0.8
vendor:	zte	model:	f6x2w	scope:	eq	version:	f6x2w firmware 6.0.10p2t5	Trust: 0.8
vendor:	zte	model:	f6x2w v6.0.10p2t2	scope:	-	version:	-	Trust: 0.6
vendor:	zte	model:	f6x2w v6.0.10p2t5	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-52032 // JVNDB: JVNDB-2020-001501 // NVD: CVE-2020-6862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-6862
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-6862
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-52032
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202001-868
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-6862
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-52032
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-6862
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2020-6862
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-52032 // JVNDB: JVNDB-2020-001501 // CNNVD: CNNVD-202001-868 // NVD: CVE-2020-6862

PROBLEMTYPE DATA

problemtype:	CWE-669	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-001501 // NVD: CVE-2020-6862

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-868

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202001-868

PATCH

title:	Information Leak Vulnerability in ZTE F6x2W	url:	http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162	Trust: 0.8
title:	Patch for Information disclosure vulnerability in ZTE Router F602W	url:	https://www.cnvd.org.cn/patchInfo/show/233794	Trust: 0.6
title:	F6x2W Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107186	Trust: 0.6

sources: CNVD: CNVD-2020-52032 // JVNDB: JVNDB-2020-001501 // CNNVD: CNNVD-202001-868

EXTERNAL IDS

db:	NVD	id:	CVE-2020-6862	Trust: 3.0
db:	PACKETSTORM	id:	159135	Trust: 1.6
db:	ZTE	id:	1012162	Trust: 1.6
db:	EXPLOIT-DB	id:	48801	Trust: 1.2
db:	JVNDB	id:	JVNDB-2020-001501	Trust: 0.8
db:	CNVD	id:	CNVD-2020-52032	Trust: 0.6
db:	CNNVD	id:	CNNVD-202001-868	Trust: 0.6

sources: CNVD: CNVD-2020-52032 // JVNDB: JVNDB-2020-001501 // CNNVD: CNNVD-202001-868 // NVD: CVE-2020-6862

REFERENCES

url:	http://packetstormsecurity.com/files/159135/zte-f602w-captcha-bypass.html	Trust: 1.6
url:	http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1012162	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6862	Trust: 1.4
url:	https://www.exploit-db.com/exploits/48801;	Trust: 1.2

sources: CNVD: CNVD-2020-52032 // JVNDB: JVNDB-2020-001501 // CNNVD: CNNVD-202001-868 // NVD: CVE-2020-6862

CREDITS

Hritik Vijay

Trust: 0.6

sources: CNNVD: CNNVD-202001-868

SOURCES

db:	CNVD	id:	CNVD-2020-52032
db:	JVNDB	id:	JVNDB-2020-001501
db:	CNNVD	id:	CNNVD-202001-868
db:	NVD	id:	CVE-2020-6862

LAST UPDATE DATE

2024-11-23T22:48:09.240000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-52032	date:	2020-09-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-001501	date:	2020-02-12T00:00:00
db:	CNNVD	id:	CNNVD-202001-868	date:	2022-04-27T00:00:00
db:	NVD	id:	CVE-2020-6862	date:	2024-11-21T05:36:18.940

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-52032	date:	2020-09-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-001501	date:	2020-02-12T00:00:00
db:	CNNVD	id:	CNNVD-202001-868	date:	2020-01-17T00:00:00
db:	NVD	id:	CVE-2020-6862	date:	2020-01-17T18:15:13.353