Authentication Bypass Vulnerability in ZTE Server Management Software
CVE-2020-6871

9.8CRITICAL

Key Information:

Vendor: Zte
Status: <r5300g4?r8500g4?r5500g4>
Vendor: CVE Published:; 20 July 2020

What is CVE-2020-6871?

The ZTE server management software contains a vulnerability that allows unauthorized users to bypass authentication protocols. This flaw can enable attackers to execute commands typically reserved for high-level users, posing a significant security threat. Affected versions include several iterations of models R5300G4, R8500G4, and R5500G4. Organizations using this software should promptly assess their systems and implement necessary mitigations to protect sensitive resources.

Affected Version(s)

<R5300G4?R8500G4?R5500G4> <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020 < R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020

<R5300G4?R8500G4?R5500G4> R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020

<R5300G4?R8500G4?R5500G4> R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>. > R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100.

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2020
Vulnerability Reserved
Jan 13, 2020

Zte

What is CVE-2020-6871?

Affected Version(s)

References

CVSS V3.1

Timeline