CVE-2020-6881

ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, which will cause the device to deny service. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13>
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
zteCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
ztezxhn_e8810_firmware
1.0.26
ztezxhn_e8810_firmware
2.0.1
ztezxhn_e8820_firmware
1.1.3
ztezxhn_e8820_firmware
2.0.13
ztezxhn_e8822_firmware
2.0.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014202