6.5

CVE-2021-21734

EPSS 0.14%
Published 28.05.2021 12:15:07
Last modified 21.11.2024 05:48:54
Source psirt@zte.com.cn
Teams watchlist Login
Open Login

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zte ≫ Zxa10 F821 Firmware Version1.7.0p3t22

Zte ≫ Zxa10 F821 Version-

Zte ≫ Zxa10 F822 Firmware Version1.4.3t6

Zte ≫ Zxa10 F822 Version-

Zte ≫ Zxa10 F819 Firmware Version1.2.1t5

Zte ≫ Zxa10 F819 Version-

Zte ≫ Zxa10 F832 Firmware Version1.1.1t7

Zte ≫ Zxa10 F832 Version-

Zte ≫ Zxa10 F839 Firmware Version1.1.0t8

Zte ≫ Zxa10 F839 Version-

Zte ≫ Zxa10 F809 Firmware Version3.2.1t1

Zte ≫ Zxa10 F809 Version-

Zte ≫ Zxa10 F822p Firmware Version1.1.1t7

Zte ≫ Zxa10 F822p Version-

Zte ≫ Zxa10 F832v2 Firmware Version2.00.00.01

Zte ≫ Zxa10 F832v2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.303

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21734

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21734

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21734

EUVD