{"containers":{"cna":{"affected":[{"product":"ZXHN Z500","vendor":"n/a","versions":[{"status":"affected","version":"Affects: V1.0.0.2B1.1000"},{"status":"affected","version":"Fixed: V1.0.1.1B1.1000"}]},{"product":"ZXHN F670L","vendor":"n/a","versions":[{"status":"affected","version":"Affects: V1.1.10P1N2E"},{"status":"affected","version":"Fixed: V1.1.10P2N2"}]}],"descriptions":[{"lang":"en","value":"Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2."}],"problemTypes":[{"descriptions":[{"description":"input verification","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-11-19T16:35:23.000Z","orgId":"6786b568-6808-4982-b61f-398b0d9679eb","shortName":"zte"},"references":[{"tags":["x_refsource_MISC"],"url":"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013922"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@zte.com.cn","ID":"CVE-2020-6879","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ZXHN Z500","version":{"version_data":[{"version_value":"Affects: V1.0.0.2B1.1000"},{"version_value":"Fixed: V1.0.1.1B1.1000"}]}},{"product_name":"ZXHN F670L","version":{"version_data":[{"version_value":"Affects: V1.1.10P1N2E"},{"version_value":"Fixed: V1.1.10P2N2"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"input verification"}]}]},"references":{"reference_data":[{"name":"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013922","refsource":"MISC","url":"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013922"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T09:11:05.146Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013922"}]}]},"cveMetadata":{"assignerOrgId":"6786b568-6808-4982-b61f-398b0d9679eb","assignerShortName":"zte","cveId":"CVE-2020-6879","datePublished":"2020-11-19T16:35:23.000Z","dateReserved":"2020-01-13T00:00:00.000Z","dateUpdated":"2024-08-04T09:11:05.146Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}