CVE-2020-6862

MEDIUM

ZTE F6x2W Firmware V6.0.10P2T2 and V6.0.10P2T5 - Unauthenticated Information Disclosure via CAPTCHA Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-6862. PoCs published by Hritik Vijay.

AI-analyzed exploit summary: This exploit bypasses the CAPTCHA mechanism in ZTE F602W routers by manipulating the Frm_Logintoken parameter and forcing a login request via client-side validation bypass. It demonstrates an authentication bypass vulnerability (CVE-2020-6862) by submitting a crafted POST request with an arbitrary captcha value.

Description

Versions V6.0.10P2T2 and V6.0.10P2T5 of the F6x2W product are affected by an information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.

Exploits (1)

exploitdb WORKING POC
by Hritik Vijay · bash · webapps · hardware
https://www.exploit-db.com/exploits/48801


Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: ZTE F6x2W V6.0.10P2T2, F6x2W V6.0.10P2T5
No auth needed
Prerequisites: Network access to the ZTE router · Default or known credentials
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/159135/ZTE-F602W-CAPTCHA-Bypass.html

Scores

CVSS v3 5.3
EPSS 0.0631
EPSS Percentile 92.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE CWE-669
Status published
Products (2)
zte/f6x2w_firmware 6.0.10p2t2
zte/f6x2w_firmware 6.0.10p2t5
Published Jan 17, 2020
Tracked Since Feb 18, 2026