Unrated severityNVD Advisory· Published Dec 1, 2020· Updated Aug 4, 2024

CVE-2020-6880

Description

A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.

Affected products

ZXELINK/ZXELINK wireless controllerdescription
ZXELINK/ZXV10 W908llm-create
Range: < MIPS_A_1022IPV6R3T6P7Y20

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.zxelink.com.cn/website/html/CommonContent.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000