7.5

CVE-2021-21723

Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZteZxr10 9904 Firmware Version <= v1.01.10.b12
   ZteZxr10 9904 Version-
ZteZxr10 9908 Firmware Version <= v1.01.10.b12
   ZteZxr10 9908 Version-
ZteZxr10 9916 Firmware Version <= v1.01.10.b12
   ZteZxr10 9916 Version-
ZteZxr10 9904-s Firmware Version <= v1.01.10.b12
   ZteZxr10 9904-s Version-
ZteZxr10 9908-s Firmware Version <= v1.01.10.b12
   ZteZxr10 9908-s Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.19% 0.64
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424
Vendor Advisory