PT-2020-19292 · ZTE · ZTE E8820+2
Published: 2020-12-21 · Updated: 2021-07-21 · CVE-2020-6882
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ZTE E8810 version 1.0.26
ZTE E8810 version 2.0.1
ZTE E8820 version 1.1.3L
ZTE E8820 version 2.0.13
ZTE E8822 version 2.0.13
Description
The issue is caused by hard-coded MQTT service access credentials on the device, which allow a remote attacker to connect to the MQTT server and obtain information about other devices by sending specific topics.
Recommendations
For ZTE E8810 version 1.0.26, update the device to remove hard-coded credentials.
For ZTE E8810 version 2.0.1, update the device to remove hard-coded credentials.
For ZTE E8820 version 1.1.3L, update the device to remove hard-coded credentials.
For ZTE E8820 version 2.0.13, update the device to remove hard-coded credentials.
For ZTE E8822 version 2.0.13, update the device to remove hard-coded credentials.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
ZTE E8810
ZTE E8820
ZTE E8822