CVE-2021-21741
 
Severity Score: 9.8 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, an attacker could exploit this vulnerability to execute arbitrary commands by sending a specific serialization command.
A ZTE conference management system is affected by a command execution vulnerability. Because the soapmonitor Java object service is enabled by default, an attacker could exploit this vulnerability to execute arbitrary commands by sending a deserialized payload to port 5001.
*Credits:
N/A
Timeline
- 2021-01-04 CVE Reserved
- 2021-08-30 CVE Published
- 2024-05-15 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-502: Deserialization of Untrusted Data
References (1)
URL | Date | SRC |
---|---|---|
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1018424 | 2023-06-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Zte | Zxv10 M910 Firmware | 1.2.16.01u01.01 | - | Affected | in | Zte | Zxv10 M910 | * | - | Safe |
Zte | Zxv10 M910 Firmware | 1.2.19.01u01.01 | - | Affected | in | Zte | Zxv10 M910 | * | - | Safe |
Zte | Zxv10 M910 Firmware | 1.2.20.01u01.01 | - | Affected | in | Zte | Zxv10 M910 | * | - | Safe |
Zte | Zxv10 M910 Firmware | 1.2.21.01.04 | p01 | Affected | in | Zte | Zxv10 M910 | * | - | Safe |