Details of VAR-202012-1441

ID

VAR-202012-1441

CVE

CVE-2020-6882

TITLE

plural ZTE Vulnerability in using hard-coded credentials in routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-014704

DESCRIPTION

ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>. ZTE E8810 is an intelligent cloud router of China ZTE Corporation. ZTE E8810 has a hard-coded vulnerability in the MQTT service

Trust: 2.16

sources: NVD: CVE-2020-6882 // JVNDB: JVNDB-2020-014704 // CNVD: CNVD-2020-74853

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-74853

AFFECTED PRODUCTS

vendor:	zte	model:	zxhn e8820	scope:	eq	version:	1.1.3	Trust: 1.0
vendor:	zte	model:	zxhn e8810	scope:	eq	version:	1.0.26	Trust: 1.0
vendor:	zte	model:	zxhn e8820	scope:	eq	version:	2.0.13	Trust: 1.0
vendor:	zte	model:	zxhn e8810	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	zte	model:	zxhn e8822	scope:	eq	version:	2.0.13	Trust: 1.0
vendor:	zte	model:	zxhn e8810	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxhn e8822	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxhn e8820	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	e8810	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-74853 // JVNDB: JVNDB-2020-014704 // NVD: CVE-2020-6882

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-6882
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-6882
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-74853
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202012-1451
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-6882
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-74853
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-6882
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-6882
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-74853 // JVNDB: JVNDB-2020-014704 // CNNVD: CNNVD-202012-1451 // NVD: CVE-2020-6882

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.0
problemtype:	Using hardcoded credentials (CWE-798) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014704 // NVD: CVE-2020-6882

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1451

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202012-1451

PATCH

title:	Statement of Vulnerabilities in ZTE E8810/E8820/E8822 Series Routers	url:	http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202	Trust: 0.8
title:	Patch for ZTE E8810 information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/242755	Trust: 0.6
title:	ZTE E8810/E8820/E8822 series Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137892	Trust: 0.6

sources: CNVD: CNVD-2020-74853 // JVNDB: JVNDB-2020-014704 // CNNVD: CNNVD-202012-1451

EXTERNAL IDS

db:	NVD	id:	CVE-2020-6882	Trust: 3.0
db:	ZTE	id:	1014202	Trust: 1.6
db:	JVNDB	id:	JVNDB-2020-014704	Trust: 0.8
db:	CNVD	id:	CNVD-2020-74853	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-1451	Trust: 0.6

sources: CNVD: CNVD-2020-74853 // JVNDB: JVNDB-2020-014704 // CNNVD: CNNVD-202012-1451 // NVD: CVE-2020-6882

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-6882	Trust: 2.0
url:	http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1014202	Trust: 1.6

sources: CNVD: CNVD-2020-74853 // JVNDB: JVNDB-2020-014704 // CNNVD: CNNVD-202012-1451 // NVD: CVE-2020-6882

SOURCES

db:	CNVD	id:	CNVD-2020-74853
db:	JVNDB	id:	JVNDB-2020-014704
db:	CNNVD	id:	CNNVD-202012-1451
db:	NVD	id:	CVE-2020-6882

LAST UPDATE DATE

2024-11-23T22:44:18.671000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-74853	date:	2020-12-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-014704	date:	2021-08-27T03:08:00
db:	CNNVD	id:	CNNVD-202012-1451	date:	2020-12-24T00:00:00
db:	NVD	id:	CVE-2020-6882	date:	2024-11-21T05:36:20.817

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-74853	date:	2020-12-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-014704	date:	2021-08-27T00:00:00
db:	CNNVD	id:	CNNVD-202012-1451	date:	2020-12-21T00:00:00
db:	NVD	id:	CVE-2020-6882	date:	2020-12-21T18:15:16.790