PT-2020-19291 · ZTE · ZTE E8820+2
Published: 2020-12-21 · Updated: 2020-12-22 · CVE-2020-6881
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
ZTE E8810 version 1.0.26
ZTE E8810 version 2.0.1
ZTE E8820 version 1.1.3L
ZTE E8820 version 2.0.13
ZTE E8822 version 2.0.13
Description
The device fails to verify the validity of abnormal messages, which leads to a denial of service. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, causing a denial of service on that device.
Recommendations
For ZTE E8810 version 1.0.26, update to a version that fixes the MQTT DoS vulnerability.
For ZTE E8810 version 2.0.1, update to a version that fixes the MQTT DoS vulnerability.
For ZTE E8820 version 1.1.3L, update to a version that fixes the MQTT DoS vulnerability.
For ZTE E8820 version 2.0.13, update to a version that fixes the MQTT DoS vulnerability.
For ZTE E8822 version 2.0.13, update to a version that fixes the MQTT DoS vulnerability.
As a temporary workaround, consider restricting access to the MQTT server to minimize the risk of exploitation.
Fix
Origin Validation Error
Weakness Enumeration
Related Identifiers
Affected Products
ZTE E8810
ZTE E8820
ZTE E8822