CVE-2021-21731
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04
Se presenta una vulnerabilidad de tipo CSRF en la página de administración de un producto ZTE. La vulnerabilidad es debido a que la página de administración no verifica completamente si la petición proviene de un usuario confiable. El atacante podría enviar una petición maliciosa hacia el dispositivo afectado para eliminar los datos. Esto afecta: ZXCLOUD iRAI Todas las versiones hasta KVM-ProductV6.03.04
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-04-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014824 | 2021-04-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zte Search vendor "Zte" | Zxcloud Irai Firmware Search vendor "Zte" for product "Zxcloud Irai Firmware" | < 6.03.04 Search vendor "Zte" for product "Zxcloud Irai Firmware" and version " < 6.03.04" | - |
Affected
| in | Zte Search vendor "Zte" | Zxcloud Irai Search vendor "Zte" for product "Zxcloud Irai" | - | - |
Safe
|