CVE-2021-21723

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.

Algunos productos ZTE presentan una vulnerabilidad de DoS. Debido al manejo inapropiado de la liberación de la memoria en algunos escenarios específicos, un atacante remoto puede desencadenar la vulnerabilidad al llevar a cabo una serie de operaciones, resultando en una pérdida de memoria, que eventualmente puede conllevar a una denegación de servicio del dispositivo. Esto afecta a: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; todas las versiones hasta V1.01.10.B12

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-04 CVE Reserved
2021-01-21 CVE Published
2023-10-07 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424	2021-02-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zte Search vendor "Zte"	Zxr10 9904 Firmware Search vendor "Zte" for product "Zxr10 9904 Firmware"	<= v1.01.10.b12 Search vendor "Zte" for product "Zxr10 9904 Firmware" and version " <= v1.01.10.b12"	-	Affected	in	Zte Search vendor "Zte"	Zxr10 9904 Search vendor "Zte" for product "Zxr10 9904"	-	-	Safe
Zte Search vendor "Zte"	Zxr10 9908 Firmware Search vendor "Zte" for product "Zxr10 9908 Firmware"	<= v1.01.10.b12 Search vendor "Zte" for product "Zxr10 9908 Firmware" and version " <= v1.01.10.b12"	-	Affected	in	Zte Search vendor "Zte"	Zxr10 9908 Search vendor "Zte" for product "Zxr10 9908"	-	-	Safe
Zte Search vendor "Zte"	Zxr10 9916 Firmware Search vendor "Zte" for product "Zxr10 9916 Firmware"	<= v1.01.10.b12 Search vendor "Zte" for product "Zxr10 9916 Firmware" and version " <= v1.01.10.b12"	-	Affected	in	Zte Search vendor "Zte"	Zxr10 9916 Search vendor "Zte" for product "Zxr10 9916"	-	-	Safe
Zte Search vendor "Zte"	Zxr10 9904-s Firmware Search vendor "Zte" for product "Zxr10 9904-s Firmware"	<= v1.01.10.b12 Search vendor "Zte" for product "Zxr10 9904-s Firmware" and version " <= v1.01.10.b12"	-	Affected	in	Zte Search vendor "Zte"	Zxr10 9904-s Search vendor "Zte" for product "Zxr10 9904-s"	-	-	Safe
Zte Search vendor "Zte"	Zxr10 9908-s Firmware Search vendor "Zte" for product "Zxr10 9908-s Firmware"	<= v1.01.10.b12 Search vendor "Zte" for product "Zxr10 9908-s Firmware" and version " <= v1.01.10.b12"	-	Affected	in	Zte Search vendor "Zte"	Zxr10 9908-s Search vendor "Zte" for product "Zxr10 9908-s"	-	-	Safe