{"containers": {"cna": {"affected": [{"product": "<R5300G4?R8500G4?R5500G4>", "vendor": "n/a", "versions": [{"status": "affected", "version": "<R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"}, {"status": "affected", "version": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"}, {"status": "affected", "version": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>"}]}], "descriptions": [{"lang": "en", "value": "The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>."}], "problemTypes": [{"descriptions": [{"description": "XSS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-20T17:02:52", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@zte.com.cn", "ID": "CVE-2020-6872", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "<R5300G4?R8500G4?R5500G4>", "version": {"version_data": [{"version_value": "<R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020"}, {"version_value": "R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020"}, {"version_value": "R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "XSS"}]}]}, "references": {"reference_data": [{"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203", "refsource": "MISC", "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"}]}}}}, "cveMetadata": {"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2020-6872", "datePublished": "2020-07-20T17:02:52", "dateReserved": "2020-01-13T00:00:00", "dateUpdated": "2020-07-20T17:02:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:r8500g4_firmware:03.05.0020:*:*:*:*:*:*:*", "matchCriteriaId": "427C281A-23B9-4798-8EB1-97ABEBFBBB46", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r8500g4_firmware:03.05.0400:*:*:*:*:*:*:*", "matchCriteriaId": "30294BA9-C5BC-4751-A64D-2AD69813322A", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r8500g4_firmware:03.06.0100:*:*:*:*:*:*:*", "matchCriteriaId": "9E7A7130-A881-4D40-9EC9-816384B75A71", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r8500g4_firmware:03.07.0101:*:*:*:*:*:*:*", "matchCriteriaId": "CE747C03-CBA0-4942-AF95-33F71200B353", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r8500g4_firmware:03.07.0103:*:*:*:*:*:*:*", "matchCriteriaId": "D7DD22DD-DA77-466D-B640-7910746795A7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:r8500g4:-:*:*:*:*:*:*:*", "matchCriteriaId": "30671825-122A-4F27-A8BF-5CEBEFA96A35", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:r5500g4_firmware:03.06.0100:*:*:*:*:*:*:*", "matchCriteriaId": "EF90E703-40FB-4A54-B67E-8E2E06E44D50", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5500g4_firmware:03.07.0100:*:*:*:*:*:*:*", "matchCriteriaId": "9034CF8E-BB91-4385-A044-9041DB0E9081", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5500g4_firmware:03.07.0200:*:*:*:*:*:*:*", "matchCriteriaId": "9DF263BA-435F-44B1-8B64-F731D4812C1B", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5500g4_firmware:03.08.0100:*:*:*:*:*:*:*", "matchCriteriaId": "D1C40CD1-FC7D-4146-83DE-EDF6A37B0BA3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:r5500g4:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F8F83DC-A10F-4AEA-BA76-14F9F0EA9D44", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.04.0020:*:*:*:*:*:*:*", "matchCriteriaId": "FBCDBC33-A6FB-4A88-BC07-E1DB4E6B6CF2", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.05.0040:*:*:*:*:*:*:*", "matchCriteriaId": "E238D3DB-5AF0-4A53-81B3-BABB7AFFDA41", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.05.0043:*:*:*:*:*:*:*", "matchCriteriaId": "6B845BC7-608E-4583-9D32-3F28FA069D6D", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.05.0044:*:*:*:*:*:*:*", "matchCriteriaId": "06246428-5693-4CF2-BEFE-0DAD52005A61", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.05.0045:*:*:*:*:*:*:*", "matchCriteriaId": "F26029B1-BF93-4AEC-AC09-DCB77D423C2E", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.05.0046:*:*:*:*:*:*:*", "matchCriteriaId": "FA7123C8-26E4-44CE-9780-197C1D054236", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.05.0047:*:*:*:*:*:*:*", "matchCriteriaId": "C0071FD6-B5A4-4959-A195-BE246DF0E28F", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.07.0100:*:*:*:*:*:*:*", "matchCriteriaId": "D88DD18D-681D-4854-BD32-67EF17DD47DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.07.0108:*:*:*:*:*:*:*", "matchCriteriaId": "0B3EB4B6-9649-4988-9FB8-3AF5BB4A4B0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.07.0200:*:*:*:*:*:*:*", "matchCriteriaId": "10446912-96D3-461E-8151-52C37EEA0863", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.07.0300:*:*:*:*:*:*:*", "matchCriteriaId": "9C07D7CC-E7FD-480C-B8C3-580BD8CBCA0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:r5300g4_firmware:03.08.0100:*:*:*:*:*:*:*", "matchCriteriaId": "32427DC0-A743-44A9-B001-CE7243F0F92F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:r5300g4:-:*:*:*:*:*:*:*", "matchCriteriaId": "A56E434E-DFE6-4CCC-A2EA-EBC25DA5F6D0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>."}, {"lang": "es", "value": "El m\u00f3dulo del software de administraci\u00f3n del servidor de ZTE presenta una vulnerabilidad de tipo XSS almacenado. El atacante inserta algunos c\u00f3digos de ataque por medio de la p\u00e1gina de inicio de sesi\u00f3n en primer plano, lo que causar\u00e1 que un usuario ejecute un script malicioso predefinido en el navegador. Esto afecta a las versiones (R5300G4V03.08.0100/V03.07.0300/ V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/ V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.002043; R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/ V03.05.0020; R5500G4V03.08.0100/V03.07.0200/V03.07.0100/ V03.06.0100)"}], "id": "CVE-2020-6872", "lastModified": "2020-07-24T14:01:40.457", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-20T18:15:12.623", "references": [{"source": "psirt@zte.com.cn", "tags": ["Vendor Advisory"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013203"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}