ID

VAR-202006-1680


CVE

CVE-2020-6868


TITLE

ZTE F680 input validation error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-41079 // CNNVD: CNNVD-202006-023

DESCRIPTION

A ZTE PON terminal product that supports creating WAN connections through its web management pages has an input validation vulnerability. The front end limits the length of the WAN connection name, but an HTTP proxy can be used to bypass that limit. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6. ZTE F680 is a dual-band GPON home gateway device with external antennas from ZTE Corporation of China. There is a security vulnerability in the ZTE F680 V9.0.10P1N6 version, which stems from incorrect access control. Attackers can use this vulnerability to tamper with the program interface parameters to perform unauthenticated operations.

Trust: 2.25

sources: NVD: CVE-2020-6868 // JVNDB: JVNDB-2020-006056 // CNVD: CNVD-2020-41079 // VULMON: CVE-2020-6868

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-41079

AFFECTED PRODUCTS

vendor: zte
model: f680
scope: eq
version: zxhn_f680v9.0.10p1n6

Trust: 1.0

vendor: zte
model: f680
scope: eq
version: 9.0.10p1n6

Trust: 0.8

vendor: zte
model: f680 v9.0.10p1n6
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2020-41079 // JVNDB: JVNDB-2020-006056 // NVD: CVE-2020-6868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6868
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006056
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-41079
value: LOW

Trust: 0.6

CNNVD: CNNVD-202006-023
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-6868
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-6868
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006056
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-41079
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-6868
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006056
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-41079 // VULMON: CVE-2020-6868 // JVNDB: JVNDB-2020-006056 // CNNVD: CNNVD-202006-023 // NVD: CVE-2020-6868

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-006056 // NVD: CVE-2020-6868

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-023

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-023

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006056

PATCH

title: Access Control Vulnerability in a ZTE's PON terminal product
url: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012866

Trust: 0.8

title: Patch for ZTE F680 input validation error vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/226223

Trust: 0.6

title: ZTE F680 Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120595

Trust: 0.6

sources: CNVD: CNVD-2020-41079 // JVNDB: JVNDB-2020-006056 // CNNVD: CNNVD-202006-023

EXTERNAL IDS

db: NVD, id: CVE-2020-6868

Trust: 3.1

db: ZTE, id: 1012866

Trust: 1.7

db: JVNDB, id: JVNDB-2020-006056

Trust: 0.8

db: CNVD, id: CNVD-2020-41079

Trust: 0.6

db: CNNVD, id: CNNVD-202006-023

Trust: 0.6

db: VULMON, id: CVE-2020-6868

Trust: 0.1

sources: CNVD: CNVD-2020-41079 // VULMON: CVE-2020-6868 // JVNDB: JVNDB-2020-006056 // CNNVD: CNNVD-202006-023 // NVD: CVE-2020-6868

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2020-6868

Trust: 2.0

url: http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1012866

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6868

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-41079 // VULMON: CVE-2020-6868 // JVNDB: JVNDB-2020-006056 // CNNVD: CNNVD-202006-023 // NVD: CVE-2020-6868

SOURCES

db: CNVD, id: CNVD-2020-41079
db: VULMON, id: CVE-2020-6868
db: JVNDB, id: JVNDB-2020-006056
db: CNNVD, id: CNNVD-202006-023
db: NVD, id: CVE-2020-6868

LAST UPDATE DATE

2024-11-23T21:35:39.937000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-41079, date: 2020-07-20T00:00:00
db: VULMON, id: CVE-2020-6868, date: 2020-12-04T00:00:00
db: JVNDB, id: JVNDB-2020-006056, date: 2020-06-29T00:00:00
db: CNNVD, id: CNNVD-202006-023, date: 2020-12-07T00:00:00
db: NVD, id: CVE-2020-6868, date: 2024-11-21T05:36:19.520

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-41079, date: 2020-07-20T00:00:00
db: VULMON, id: CVE-2020-6868, date: 2020-06-01T00:00:00
db: JVNDB, id: JVNDB-2020-006056, date: 2020-06-29T00:00:00
db: CNNVD, id: CNNVD-202006-023, date: 2020-06-01T00:00:00
db: NVD, id: CVE-2020-6868, date: 2020-06-01T13:15:10.267