CVE-2021-21734

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
zteCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
ztezxa10_f821_firmware
1.7.0p3t22:p3t22
ztezxa10_f822_firmware
1.4.3t6:t6
ztezxa10_f819_firmware
1.2.1t5:t5
ztezxa10_f832_firmware
1.1.1t7:t7
ztezxa10_f839_firmware
1.1.0t8:t8
ztezxa10_f809_firmware
3.2.1t1:t1
ztezxa10_f822p_firmware
1.1.1t7:t7
ztezxa10_f832v2_firmware
2.00.00.01
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524