CVE-2021-21744

EUVD-2021-8916
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
ztemf971r_firmware
1v1.0.0b06:v1.0
ztemf971r_firmware
2v1.0.0b03:v1.0
𝑥
= Vulnerable software versions
References
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764