CVE-2020-6868

MEDIUM Year: 2020
CVSS v3 Score
6.5
Medium
CVSS v2 Score
3.3
Low
Weakness Type
CWE-20
View all →

Vulnerability Description

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6

Related Vulnerabilities

CVE-2009-5004

MEDIUM
CVSS:6.5(Medium)

qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use .

CWE-202009

CVE-2010-2449

MEDIUM
CVSS:6.5(Medium)

Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.

CWE-202010

CVE-2010-2473

MEDIUM
CVSS:6.5(Medium)

Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal si...

CWE-202010

CVE-2010-2490

MEDIUM
CVSS:6.5(Medium)

Mumble: murmur-server has DoS due to malformed client query

CWE-202010

CVE-2010-3050

MEDIUM
CVSS:6.5(Medium)

Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).

CWE-202010

CVE-2010-3439

MEDIUM
CVSS:6.5(Medium)

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

CWE-202010