VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 1, 2020· Updated Aug 4, 2024

CVE-2020-6874

CVE-2020-6874

Description

Weak encryption in ZTE ZXIPTV allows remote attackers to enumerate or brute-force passwords via credential guessing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Weak encryption in ZTE ZXIPTV allows remote attackers to enumerate or brute-force passwords via credential guessing.

Vulnerability

ZTE ZXIPTV and ZXIPTV-WEB versions up to PV5.09.08.04 use an encryption algorithm improperly, leading to a cryptographic weakness. This flaw enables remote attackers to conduct account credential enumeration or brute-force attacks for password guessing. The affected product is ZXIPTV with the web component ZXIPTV-WEB-PV5.09.08.04. [1]

Exploitation

An attacker with network access to the ZXIPTV web interface can exploit the weak encryption to perform credential enumeration or brute-force attacks without requiring prior authentication. The vulnerability stems from the improper implementation of the encryption algorithm, making it possible to guess or enumerate user credentials. [1]

Impact

Successful exploitation allows the attacker to enumerate valid accounts or brute-force passwords, potentially gaining unauthorized access to the ZXIPTV system. This leads to confidentiality and integrity compromise as described in the CVSS vector (C:L, I:L). [1]

Mitigation

ZTE has released a fix in version ZXIPTV-WEB-PV5.09.08.04P3 or later. Users should upgrade to the resolved version to remediate the vulnerability. No workarounds are provided. [1]

References
  1. Security Bulletin Details

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • ZTE/ZXIPTV, ZXIPTV-WEB-PV5.09.08.04description
  • Zte/ZXIPTVllm-create
  • Zte/ZXIPTV-WEBllm-create
    Range: = PV5.09.08.04

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.