4.4
CVE-2021-21724
- EPSS 0.36%
- Veröffentlicht 26.02.2021 03:15:12
- Zuletzt bearbeitet 21.11.2024 05:48:53
- Quelle psirt@zte.com.cn
- CVE-Watchlists
- Unerledigt
A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zte ≫ Zxr10 8900e Firmware Version <= 3.03.20r2b30p1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.271 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 0.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584