Vulnerability Details CVE-2020-6872
The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2020-6872
-
cpe:2.3:h:zte:r5300g4:-
-
cpe:2.3:h:zte:r5500g4:-
-
cpe:2.3:h:zte:r8500g4:-
-
cpe:2.3:o:zte:r5300g4_firmware:03.04.0020
-
cpe:2.3:o:zte:r5300g4_firmware:03.05.0040
-
cpe:2.3:o:zte:r5300g4_firmware:03.05.0043
-
cpe:2.3:o:zte:r5300g4_firmware:03.05.0044
-
cpe:2.3:o:zte:r5300g4_firmware:03.05.0045
-
cpe:2.3:o:zte:r5300g4_firmware:03.05.0046
-
cpe:2.3:o:zte:r5300g4_firmware:03.05.0047
-
cpe:2.3:o:zte:r5300g4_firmware:03.07.0100
-
cpe:2.3:o:zte:r5300g4_firmware:03.07.0108
-
cpe:2.3:o:zte:r5300g4_firmware:03.07.0200
-
cpe:2.3:o:zte:r5300g4_firmware:03.07.0300
-
cpe:2.3:o:zte:r5300g4_firmware:03.08.0100
-
cpe:2.3:o:zte:r5500g4_firmware:03.06.0100
-
cpe:2.3:o:zte:r5500g4_firmware:03.07.0100
-
cpe:2.3:o:zte:r5500g4_firmware:03.07.0200
-
cpe:2.3:o:zte:r5500g4_firmware:03.08.0100
-
cpe:2.3:o:zte:r8500g4_firmware:03.05.0020
-
cpe:2.3:o:zte:r8500g4_firmware:03.05.0400
-
cpe:2.3:o:zte:r8500g4_firmware:03.06.0100
-
cpe:2.3:o:zte:r8500g4_firmware:03.07.0101
-
cpe:2.3:o:zte:r8500g4_firmware:03.07.0103