CVE-2020-6880
CRITICAL
ZTE ZXV10 W908 Firmware < mips_a_1022ipv6r3t6p7y20 - Unauthenticated SQL Injection
Title source: llm
Description
A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in: because the device does not properly filter parameters, sending malicious SQL statements can, if successful, obtain management rights. This affects ZXV10 W908, all versions before MIPS_A_1022IPV6R3T6P7Y20.
References (1)
Core References
Vendor Advisory x_refsource_misc
http://www.zxelink.com.cn/website/html/CommonContent.html?classify=news&id=43&menuID=20201126153313319
Scores
CVSS v3: 9.8
EPSS: 0.0062
EPSS Percentile: 70.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-89
Status: published
Products (1): zte/zxv10_w908_firmware < mips_a_1022ipv6r3t6p7y20
Published: Dec 01, 2020
Tracked Since: Feb 18, 2026