CVE-2020-6874

{"id": "CVE-2020-6874", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2020-09-01T21:15:13.410", "references": [{"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013463", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}, {"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04."}, {"lang": "es", "value": "Un producto ZTE est\u00e1 afectado por una vulnerabilidad de problemas criptogr\u00e1ficos. El algoritmo de cifrado no es utilizado apropiadamente, por lo que los atacantes remotos podr\u00edan usar esta vulnerabilidad para ataques de enumeraci\u00f3n de credenciales de cuentas o ataques de fuerza bruta para adivinar contrase\u00f1as. Esto afecta a: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxiptv_firmware:zxiptv-web-pv5.09.08.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AA97DD2-7F8C-4B0F-84E1-0C763F5321BD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxiptv:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CDB8D9EA-409E-4AE3-818A-7CBB141D2660"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}