Information Leak Vulnerability in ZTE Routers
CVE-2020-6882

7.5 HIGH

Key Information:

Vendor: ZTE
CVE Published: 21 December 2020

What is CVE-2020-6882?

An information leak vulnerability exists in ZTE E8810/E8820/E8822 series routers, caused by hard-coded MQTT service access credentials in the device. A remote attacker can use these embedded credentials to connect to the MQTT server and obtain information about other connected devices by sending specific topic queries. The affected models are ZXHN E8810, ZXHN E8820, and ZXHN E8822, in the firmware versions listed under Affected Version(s).

Affected Version(s)

Products: ZXHN E8810, ZXHN E8820, ZXHN E8822
Versions: E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
