PT-2020-4342 · ZTE · R5500G4+3
Published: 2020-07-18 · Updated: 2020-07-24 · CVE-2020-6871
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
ZTE server management software module versions V03.08.0100 through V03.07.0100 for R5300G4
ZTE server management software module versions V03.07.0103 through V03.05.0020 for R8500G4
ZTE server management software module versions V03.08.0100 through V03.06.0100 for R5500G4
Description:
The issue is an authentication flaw in ZTE's server management software module that allows users to bypass server authentication and execute commands intended for high-level users. A remote attacker can exploit it to execute arbitrary commands.
Recommendations:
For R5300G4 versions V03.08.0100 through V03.07.0100, update to a version that fixes the authentication issue.
For R8500G4 versions V03.07.0103 through V03.05.0020, update to a version that fixes the authentication issue.
For R5500G4 versions V03.08.0100 through V03.06.0100, update to a version that fixes the authentication issue.
As a temporary workaround, consider restricting access to the server management software module until a patch is available.
Weakness Enumeration:
Improper Authentication
Affected Products:
R5300G4
R5500G4
R8500G4
ZTE Server Management