Details of VAR-202002-1223

ID

VAR-202002-1223

CVE

CVE-2020-6864

TITLE

ZTE E8820V3 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-14819 // CNNVD: CNNVD-202002-1267

DESCRIPTION

ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router. ZTE E8820V3 is a gigabit dual-band 1200M smart router with WiFi

Trust: 2.16

sources: NVD: CVE-2020-6864 // JVNDB: JVNDB-2020-002380 // CNVD: CNVD-2020-14819

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-14819

AFFECTED PRODUCTS

vendor:	zte	model:	e8820v3	scope:	lt	version:	3.1.0.1000.5	Trust: 1.0
vendor:	zte	model:	e8820v3	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	e8820v3	scope:	lte	version:	<=v3.1.0.1000.4	Trust: 0.6
vendor:	zte	model:	e8820v3	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-14819 // JVNDB: JVNDB-2020-002380 // CNNVD: CNNVD-202002-1267 // NVD: CVE-2020-6864

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-6864
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-002380
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-14819
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202002-1267
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-6864
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002380
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-14819
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:A/AC:H/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.2
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-6864
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002380
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-14819 // JVNDB: JVNDB-2020-002380 // CNNVD: CNNVD-202002-1267 // NVD: CVE-2020-6864

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2020-002380 // NVD: CVE-2020-6864

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202002-1267

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202002-1267

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002380

PATCH

title:	Two Vulnerabilities in a ZTE Router Product	url:	http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012382	Trust: 0.8
title:	Patch for ZTE E8820V3 Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/206167	Trust: 0.6
title:	ZTE E8820V3 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110619	Trust: 0.6

sources: CNVD: CNVD-2020-14819 // JVNDB: JVNDB-2020-002380 // CNNVD: CNNVD-202002-1267

EXTERNAL IDS

db:	NVD	id:	CVE-2020-6864	Trust: 3.0
db:	ZTE	id:	1012382	Trust: 1.6
db:	JVNDB	id:	JVNDB-2020-002380	Trust: 0.8
db:	CNVD	id:	CNVD-2020-14819	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-1267	Trust: 0.6

sources: CNVD: CNVD-2020-14819 // JVNDB: JVNDB-2020-002380 // CNNVD: CNNVD-202002-1267 // NVD: CVE-2020-6864

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-6864	Trust: 2.0
url:	http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1012382	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6864	Trust: 0.8

sources: CNVD: CNVD-2020-14819 // JVNDB: JVNDB-2020-002380 // CNNVD: CNNVD-202002-1267 // NVD: CVE-2020-6864

SOURCES

db:	CNVD	id:	CNVD-2020-14819
db:	JVNDB	id:	JVNDB-2020-002380
db:	CNNVD	id:	CNNVD-202002-1267
db:	NVD	id:	CVE-2020-6864

LAST UPDATE DATE

2024-11-23T22:37:31.934000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-14819	date:	2020-03-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-002380	date:	2020-03-13T00:00:00
db:	CNNVD	id:	CNNVD-202002-1267	date:	2020-03-09T00:00:00
db:	NVD	id:	CVE-2020-6864	date:	2024-11-21T05:36:19.143

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-14819	date:	2020-03-01T00:00:00
db:	JVNDB	id:	JVNDB-2020-002380	date:	2020-03-13T00:00:00
db:	CNNVD	id:	CNNVD-202002-1267	date:	2020-02-27T00:00:00
db:	NVD	id:	CVE-2020-6864	date:	2020-02-27T17:15:11.893