CVE-2020-6874
First published: Tue Sep 01 2020(Updated: )
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04.
Credit: psirt@zte.com.cn
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zte Zxiptv Firmware | =zxiptv-web-pv5.09.08.04 | |
| Zte Zxiptv |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-6874?
CVE-2020-6874 is a vulnerability in a ZTE product that is impacted by cryptographic issues.
What is the severity of CVE-2020-6874?
The severity of CVE-2020-6874 is critical with a CVSS score of 9.1.
Which ZTE products are affected by CVE-2020-6874?
The ZTE products affected by CVE-2020-6874 are ZXIPTV and ZXIPTV-WEB-PV5.09.08.04.
What are the potential attacks that can be carried out using CVE-2020-6874?
Remote attackers could use CVE-2020-6874 for account credential enumeration attack or brute-force attack for password guessing.
Is there any fix available for CVE-2020-6874?
To fix CVE-2020-6874, it is recommended to update the affected ZTE product to a patched version.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/zte
- canonical/zte zxiptv firmware
- version/zte zxiptv firmware/zxiptv-web-pv5.09.08.04
- canonical/zte zxiptv