CVE-2021-21734
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01
Algunos dispositivos PON MDU de ZTE almacenan información confidencial en texto plano, y los usuarios con autoridad de inicio de sesión pueden obtenerla al ingresar un comando. Esto afecta: dispositivo ZTE PON MDU ZXA10 F821 versión V1.7.0P3T22, ZXA10 F822 versión V1.4.3T6, ZXA10 F819 versión V1.2.1T5, ZXA10 F832 versión V1.1.1T7, ZXA10 F839 versión V1.1.0T8, ZXA10 F809 versión V3.2A10T1, ZXA10 F809 versión V3.2.1T1 F822P versión V1.1.1T7, ZXA10 F832 versión V2.00.00.01
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-04 CVE Reserved
- 2021-05-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524 | 2021-06-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zte Search vendor "Zte" | Zxa10 F821 Firmware Search vendor "Zte" for product "Zxa10 F821 Firmware" | 1.7.0p3t22 Search vendor "Zte" for product "Zxa10 F821 Firmware" and version "1.7.0p3t22" | - |
Affected
| in | Zte Search vendor "Zte" | Zxa10 F821 Search vendor "Zte" for product "Zxa10 F821" | - | - |
Safe
|
| Zte Search vendor "Zte" | Zxa10 F822 Firmware Search vendor "Zte" for product "Zxa10 F822 Firmware" | 1.4.3t6 Search vendor "Zte" for product "Zxa10 F822 Firmware" and version "1.4.3t6" | - |
Affected
| in | Zte Search vendor "Zte" | Zxa10 F822 Search vendor "Zte" for product "Zxa10 F822" | - | - |
Safe
|
| Zte Search vendor "Zte" | Zxa10 F819 Firmware Search vendor "Zte" for product "Zxa10 F819 Firmware" | 1.2.1t5 Search vendor "Zte" for product "Zxa10 F819 Firmware" and version "1.2.1t5" | - |
Affected
| in | Zte Search vendor "Zte" | Zxa10 F819 Search vendor "Zte" for product "Zxa10 F819" | - | - |
Safe
|
| Zte Search vendor "Zte" | Zxa10 F832 Firmware Search vendor "Zte" for product "Zxa10 F832 Firmware" | 1.1.1t7 Search vendor "Zte" for product "Zxa10 F832 Firmware" and version "1.1.1t7" | - |
Affected
| in | Zte Search vendor "Zte" | Zxa10 F832 Search vendor "Zte" for product "Zxa10 F832" | - | - |
Safe
|
| Zte Search vendor "Zte" | Zxa10 F839 Firmware Search vendor "Zte" for product "Zxa10 F839 Firmware" | 1.1.0t8 Search vendor "Zte" for product "Zxa10 F839 Firmware" and version "1.1.0t8" | - |
Affected
| in | Zte Search vendor "Zte" | Zxa10 F839 Search vendor "Zte" for product "Zxa10 F839" | - | - |
Safe
|
| Zte Search vendor "Zte" | Zxa10 F809 Firmware Search vendor "Zte" for product "Zxa10 F809 Firmware" | 3.2.1t1 Search vendor "Zte" for product "Zxa10 F809 Firmware" and version "3.2.1t1" | - |
Affected
| in | Zte Search vendor "Zte" | Zxa10 F809 Search vendor "Zte" for product "Zxa10 F809" | - | - |
Safe
|
| Zte Search vendor "Zte" | Zxa10 F822p Firmware Search vendor "Zte" for product "Zxa10 F822p Firmware" | 1.1.1t7 Search vendor "Zte" for product "Zxa10 F822p Firmware" and version "1.1.1t7" | - |
Affected
| in | Zte Search vendor "Zte" | Zxa10 F822p Search vendor "Zte" for product "Zxa10 F822p" | - | - |
Safe
|
| Zte Search vendor "Zte" | Zxa10 F832v2 Firmware Search vendor "Zte" for product "Zxa10 F832v2 Firmware" | 2.00.00.01 Search vendor "Zte" for product "Zxa10 F832v2 Firmware" and version "2.00.00.01" | - |
Affected
| in | Zte Search vendor "Zte" | Zxa10 F832v2 Search vendor "Zte" for product "Zxa10 F832v2" | - | - |
Safe
|