7.5
CVE-2021-21723
- EPSS 1.19%
- Veröffentlicht 26.01.2021 18:16:18
- Zuletzt bearbeitet 21.11.2024 05:48:52
- Quelle psirt@zte.com.cn
- CVE-Watchlists
- Unerledigt
Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zte ≫ Zxr10 9904 Firmware Version <= v1.01.10.b12
Zte ≫ Zxr10 9908 Firmware Version <= v1.01.10.b12
Zte ≫ Zxr10 9916 Firmware Version <= v1.01.10.b12
Zte ≫ Zxr10 9904-s Firmware Version <= v1.01.10.b12
Zte ≫ Zxr10 9908-s Firmware Version <= v1.01.10.b12
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.19% | 0.64 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424