How severe is CVE-2020-6879?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2020-6879?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2020-6879 - LOW Severity | CVSS 3.5

Vulnerability Description

Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.

Related Vulnerabilities

CVE-2016-1763

LOW

CVSS:3.5(Low)

Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a...

CWE-202016

CVE-2016-8535

LOW

CVSS:3.5(Low)

A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.

CWE-202016

CVE-2016-8651

LOW

CVSS:3.5(Low)

An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access t...

CWE-202016

CVE-2017-7517

LOW

CVSS:3.5(Low)

An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject...

CWE-202017

CVE-2019-4271

LOW

CVSS:3.5(Low)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

CWE-202019

CVE-2019-5461

LOW

CVSS:3.5(Low)

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This ...

CWE-202019