MQTT Denial of Service Vulnerability in ZTE Routers
CVE-2020-6881

7.5 HIGH

Key Information:

Vendor: ZTE
CVE Published: 21 December 2020

What is CVE-2020-6881?

ZTE E8810, E8820, and E8822 series routers contain a denial-of-service vulnerability caused by insufficient validation of abnormal MQTT messages. A remote attacker can exploit this weakness by connecting to the MQTT server and sending crafted exception messages, which results in a denial of service on the affected devices. Several firmware versions are affected.

Affected Version(s)

Products: ZXHN E8810, ZXHN E8820, ZXHN E8822
Versions: E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
