Sign-up

ID

VAR-202006-1682


CVE

CVE-2020-6870


TITLE

ZTE U31R20 Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-007356

DESCRIPTION

The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115. ZTE U31R20 The product contains unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ZTE U31R20 is a network management product of China ZTE Corporation. There are security vulnerabilities in the ZTE U31R20 V12.17.20T115 version

Trust: 2.25

sources: NVD: CVE-2020-6870 // JVNDB: JVNDB-2020-007356 // CNVD: CNVD-2021-21930 // VULMON: CVE-2020-6870

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-21930

AFFECTED PRODUCTS

vendor:ztemodel:netnumen u31 r10scope:eqversion:v12.17.20t115

Trust: 1.0

vendor:ztemodel:netnumenu31r10scope:eqversion:12.17.20t115

Trust: 0.8

vendor:ztemodel:u31r20 12.17.20t115scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-21930 // JVNDB: JVNDB-2020-007356 // NVD: CVE-2020-6870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6870
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-007356
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-21930
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-1694
value: HIGH

Trust: 0.6

VULMON: CVE-2020-6870
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6870
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-007356
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-21930
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-6870
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007356
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-21930 // VULMON: CVE-2020-6870 // JVNDB: JVNDB-2020-007356 // CNNVD: CNNVD-202006-1694 // NVD: CVE-2020-6870

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-007356 // NVD: CVE-2020-6870

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1694

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1694

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007356

PATCH
title:A Security Vulnerability in a ZTE Producturl:http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013043
Trust: 0.8
title:Patch for ZTE U31R20 design error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/254506
Trust: 0.6
title:ZTE U31R20 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123191
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-21930 // 
            
            
            
            JVNDB: JVNDB-2020-007356 // 
            
            
            
            CNNVD: CNNVD-202006-1694

EXTERNAL IDS
db:NVDid:CVE-2020-6870
Trust: 3.1
db:ZTEid:1013043
Trust: 1.7
db:JVNDBid:JVNDB-2020-007356
Trust: 0.8
db:CNVDid:CNVD-2021-21930
Trust: 0.6
db:CNNVDid:CNNVD-202006-1694
Trust: 0.6
db:VULMONid:CVE-2020-6870
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-21930 // 
            
            
            
            VULMON: CVE-2020-6870 // 
            
            
            
            JVNDB: JVNDB-2020-007356 // 
            
            
            
            CNNVD: CNNVD-202006-1694 // 
            
            
            
            NVD: CVE-2020-6870

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-6870
Trust: 2.0
url:http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1013043
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6870
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-21930 // 
            
            
            
            VULMON: CVE-2020-6870 // 
            
            
            
            JVNDB: JVNDB-2020-007356 // 
            
            
            
            CNNVD: CNNVD-202006-1694 // 
            
            
            
            NVD: CVE-2020-6870

SOURCES
db:CNVDid:CNVD-2021-21930
db:VULMONid:CVE-2020-6870
db:JVNDBid:JVNDB-2020-007356
db:CNNVDid:CNNVD-202006-1694
db:NVDid:CVE-2020-6870

LAST UPDATE DATE
2024-11-23T22:44:29.635000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-21930date:2021-03-24T00:00:00
db:VULMONid:CVE-2020-6870date:2020-07-06T00:00:00
db:JVNDBid:JVNDB-2020-007356date:2020-08-11T00:00:00
db:CNNVDid:CNNVD-202006-1694date:2020-07-07T00:00:00
db:NVDid:CVE-2020-6870date:2024-11-21T05:36:19.710

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-21930date:2021-03-24T00:00:00
db:VULMONid:CVE-2020-6870date:2020-06-24T00:00:00
db:JVNDBid:JVNDB-2020-007356date:2020-08-11T00:00:00
db:CNNVDid:CNNVD-202006-1694date:2020-06-24T00:00:00
db:NVDid:CVE-2020-6870date:2020-06-24T16:15:10.987