PT-2020-19285 · Zte · Zte Zxiptv+1

Published

2020-09-01

Updated

2021-07-21

CVE-2020-6874

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions ZTE ZXIPTV version 5.09.08.04 ZTE ZXIPTV-WEB version 5.09.08.04

Description The issue is related to cryptographic problems where the encryption algorithm is not used properly. This could allow remote attackers to perform account credential enumeration attacks or brute-force attacks for password guessing.

Recommendations For ZTE ZXIPTV version 5.09.08.04, update the encryption algorithm to properly secure account credentials. For ZTE ZXIPTV-WEB version 5.09.08.04, update the encryption algorithm to properly secure account credentials. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-327

Related Identifiers

CVE-2020-6874

Affected Products

Zte Zxiptv

Zte Zxiptv-Web

PT-2020-19285 · Zte · Zte Zxiptv+1

CVE-2020-6874

Weakness Enumeration

Related Identifiers

Affected Products

References · 3