PT-2020-19283 · Zte · Zte Server Management

Published: 2020-07-20 · Updated: 2020-07-24 · CVE-2020-6872

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

ZTE server management software module versions:
- V03.08.0100 through V03.05.0040
- V03.07.0300 through V03.07.0100
- V03.07.0103 through V03.05.0020
- V03.08.0100 through V03.06.0100
Description

The issue is a stored XSS vulnerability in the server management software module. An attacker can insert malicious code through the login page, causing users to execute a predefined malicious script in their browser.
Recommendations

- For versions V03.08.0100 through V03.05.0040, consider disabling the login page functionality until a patch is available.
- For versions V03.07.0300 through V03.07.0100, restrict access to the foreground login page to minimize the risk of exploitation.
- For versions V03.07.0103 through V03.05.0020, avoid using the login functionality in the affected software module until the issue is resolved.
- For versions V03.08.0100 through V03.06.0100, consider implementing additional security measures to prevent malicious script execution.

Fix

XSS


Weakness Enumeration

Related Identifiers: CVE-2020-6872

Affected Products: Zte Server Management