CVE-2021-21734 | Severity.io

Description

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01

Related CPE's

zxa10_f821_firmware

Vulnerable

zxa10_f822_firmware

Vulnerable

zxa10_f819_firmware

Vulnerable

zxa10_f832_firmware

Vulnerable

zxa10_f839_firmware

Vulnerable

zxa10_f809_firmware

Vulnerable

zxa10_f822p_firmware

Vulnerable

zxa10_f832v2_firmware

Vulnerable

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524

Vendor Advisory

Weaknesses

[email protected]

Primary

CWE-312

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-05-28T12:15:07.603

4 years ago

Last modified

2021-06-10T19:02:12.077

4 years ago