CVE-2020-6880

Name of the Vulnerable Software and Affected Versions ZXV10 W908 versions prior to MIPS A 1022IPV6R3T6P7Y20

Description A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights.

Recommendations For versions prior to MIPS A 1022IPV6R3T6P7Y20, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation. Avoid using the device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.