PT-2020-19289 · Zte · Zxhn Z500+1

Published: 2020-11-19 · Updated: 2020-12-03 · CVE-2020-6879

CVSS v3.1: 3.5 (Low)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ZXHN Z500 versions 1.0.0.2B1.1000 through 1.0.0.2B1.1000
ZXHN F670L version 1.1.10P1N2E

Description

Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction enforced by the front-end code can be bypassed by constructing a POST request message and sending it to the configuration interface that creates static routing rules. The web service backend fails to effectively verify the abnormal input. As a result, an attacker can use the issue to tamper with parameter values.

Recommendations

For ZXHN Z500 version 1.0.0.2B1.1000, update to version 1.0.1.1B1.1000 to resolve the issue. For ZXHN F670L version 1.1.10P1N2E, update to version 1.1.10P2N2 to resolve the issue. As a temporary workaround, consider restricting access to the static routing rule configuration interface until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2020-6879

Affected Products

Zxhn F670
Zxhn Z500