Design/Logic Flaw

2021-05-2812:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.4%

JSON

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01

CPENameOperatorVersion
zxa10_f809_firmwareeq3.2.1-t1
zxa10_f819_firmwareeq1.2.1-t5
zxa10_f821_firmwareeq1.7.0-p3-t22
zxa10_f822_firmwareeq1.4.3-t6
zxa10_f822p_firmwareeq1.1.1-t7
zxa10_f832_firmwareeq1.1.1-t7
zxa10_f832v2_firmwareeq2.00.00.01
zxa10_f839_firmwareeq1.1.0-t8

Name	Operator	Version
zxa10_f809_firmware	eq	3.2.1-t1
zxa10_f819_firmware	eq	1.2.1-t5
zxa10_f821_firmware	eq	1.7.0-p3-t22
zxa10_f822_firmware	eq	1.4.3-t6
zxa10_f822p_firmware	eq	1.1.1-t7
zxa10_f832_firmware	eq	1.1.1-t7
zxa10_f832v2_firmware	eq	2.00.00.01
zxa10_f839_firmware	eq	1.1.0-t8

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524