CVE-2021-21724
Severity Score
4.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1.
Un producto ZTE presenta una vulnerabilidad de pérdida de la memoria. Debido al manejo inapropiado de liberación de la memoria del producto en determinados escenarios, un atacante local con permisos de dispositivo atenuó repetidamente la señal óptica para causar pérdida de la memoria y un servicio anormal. Esto afecta a: ZXR10 8900E, todas las versiones hasta V3.03.20R2B30P1
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-04 CVE Reserved
- 2021-02-26 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584 | 2021-03-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zte Search vendor "Zte" | Zxr10 8900e Firmware Search vendor "Zte" for product "Zxr10 8900e Firmware" | <= 3.03.20r2b30p1 Search vendor "Zte" for product "Zxr10 8900e Firmware" and version " <= 3.03.20r2b30p1" | - |
Affected
| in | Zte Search vendor "Zte" | Zxr10 8900e Search vendor "Zte" for product "Zxr10 8900e" | - | - |
Safe
|