CVE-2020-6870
HIGHZTE NetNumen U31 R20 V12.17.20T115 - Unauthenticated FTP Server Password Tampering and Arbitrary File Manipulation
Title source: llmDescription
The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013043
Scores
CVSS v3
8.0
EPSS
0.0014
EPSS Percentile
34.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
zte/netnumen_u31_r10_firmware
v12.17.20t115
Published
Jun 24, 2020
Tracked Since
Feb 18, 2026