CVE-2021-21734

2021-05-2811:45:42

zte

www.cve.org

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.4%

JSON

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01

CNA Affected

[
  {
    "product": "ZTE PON MDU devices",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ZXA10 F821 V1.7.0P3T22,ZXA10 F822 V1.4.3T6,ZXA10 F819 V1.2.1T5,ZXA10 F832 V1.1.1T7,ZXA10 F839 V1.1.0T8,ZXA10 F809 V3.2.1T1,ZXA10 F822P V1.1.1T7,ZXA10 F832 V2.00.00.01"
      }
    ]
  }
]

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524