Sign-up

ID

VAR-202006-1681


CVE

CVE-2020-6869


TITLE

ZTEMarket APK Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006877

DESCRIPTION

All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation. ZTEMarket APK is an app store installer from the Chinese company ZTE Corporation (ZTE)

Trust: 1.71

sources: NVD: CVE-2020-6869 // JVNDB: JVNDB-2020-006877 // VULHUB: VHN-184994

AFFECTED PRODUCTS

vendor:ztemodel:ztemarket apkscope:lteversion:10.06

Trust: 1.0

vendor:ztemodel:ztemarket apkscope:eqversion:10.06

Trust: 0.8

sources: JVNDB: JVNDB-2020-006877 // NVD: CVE-2020-6869

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6869
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006877
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-1193
value: HIGH

Trust: 0.6

VULHUB: VHN-184994
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6869
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006877
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-184994
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6869
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006877
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184994 // JVNDB: JVNDB-2020-006877 // CNNVD: CNNVD-202006-1193 // NVD: CVE-2020-6869

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-184994 // JVNDB: JVNDB-2020-006877 // NVD: CVE-2020-6869

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1193

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202006-1193

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006877

PATCH
title:Security Vulnerability in ZTEMarket APKurl:http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013022
Trust: 0.8
title:ZTEMarket APK Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122558
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006877 // 
            
            
            
            CNNVD: CNNVD-202006-1193

EXTERNAL IDS
db:NVDid:CVE-2020-6869
Trust: 2.5
db:ZTEid:1013022
Trust: 1.7
db:JVNDBid:JVNDB-2020-006877
Trust: 0.8
db:CNNVDid:CNNVD-202006-1193
Trust: 0.7
db:CNVDid:CNVD-2020-52691
Trust: 0.1
db:VULHUBid:VHN-184994
Trust: 0.1
sources:
            
            
            VULHUB: VHN-184994 // 
            
            
            
            JVNDB: JVNDB-2020-006877 // 
            
            
            
            CNNVD: CNNVD-202006-1193 // 
            
            
            
            NVD: CVE-2020-6869

REFERENCES
url:http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1013022
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-6869
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6869
Trust: 0.8
sources:
            
            
            VULHUB: VHN-184994 // 
            
            
            
            JVNDB: JVNDB-2020-006877 // 
            
            
            
            CNNVD: CNNVD-202006-1193 // 
            
            
            
            NVD: CVE-2020-6869

SOURCES
db:VULHUBid:VHN-184994
db:JVNDBid:JVNDB-2020-006877
db:CNNVDid:CNNVD-202006-1193
db:NVDid:CVE-2020-6869

LAST UPDATE DATE
2024-11-23T22:37:21.866000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-184994date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-006877date:2020-07-22T00:00:00
db:CNNVDid:CNNVD-202006-1193date:2020-06-30T00:00:00
db:NVDid:CVE-2020-6869date:2024-11-21T05:36:19.613

SOURCES RELEASE DATE
db:VULHUBid:VHN-184994date:2020-06-17T00:00:00
db:JVNDBid:JVNDB-2020-006877date:2020-07-22T00:00:00
db:CNNVDid:CNNVD-202006-1193date:2020-06-17T00:00:00
db:NVDid:CVE-2020-6869date:2020-06-17T18:15:12.300