{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T20:51:32.408","vulnerabilities":[{"cve":{"id":"CVE-2020-6879","sourceIdentifier":"psirt@zte.com.cn","published":"2020-11-19T17:15:13.420","lastModified":"2024-11-21T05:36:20.513","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2."},{"lang":"es","value":"Algunos dispositivos ZTE presentan vulnerabilidades de comprobación de entrada. Los dispositivos admiten la configuración de un prefijo estático por medio de la página de administración web. La restricción del código de front-end se puede omitir al construir un mensaje de petición POST y mediante el envío de la petición a la creación de una interfaz de configuración de reglas de enrutamiento estático. El backend del servicio WEB no puede verificar eficazmente la entrada anormal. Como resultado, el atacante puede usar con éxito la vulnerabilidad para alterar los valores de los parámetros. Esto afecta a: ZXHN Z500 V1.0.0.2B1.1000 y ZXHN F670L V1.1.10P1N2E. Esto se corrige en ZXHN Z500 V1.0.1.1B1.1000 y ZXHN F670L V1.1.10P2N2"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:S/C:N/I:P/A:N","baseScore":2.7,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":5.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zte:zxhn_z500_firmware:v1.0.0.2b1.1000:*:*:*:*:*:*:*","matchCriteriaId":"BFCCD8D8-9A70-4F84-A57B-AE615DEB5025"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zte:zxhn_z500:-:*:*:*:*:*:*:*","matchCriteriaId":"6733C2DF-7974-4552-8A32-381D4030629B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zte:zxhn_f670l_firmware:v1.1.10p1n2e:*:*:*:*:*:*:*","matchCriteriaId":"01DC21FE-715F-4950-811E-376F5648315E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zte:zxhn_f670l:-:*:*:*:*:*:*:*","matchCriteriaId":"0FA91D9C-2F8C-4567-887F-CD9C39045B5E"}]}]}],"references":[{"url":"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013922","source":"psirt@zte.com.cn","tags":["Vendor Advisory"]},{"url":"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013922","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}