Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01
References
Link | Resource |
---|---|
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524 | Vendor Advisory |
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
21 Nov 2024, 05:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524 - Vendor Advisory |
10 Jun 2021, 19:02
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-312 | |
CPE | cpe:2.3:h:zte:zxa10_f832v2:-:*:*:*:*:*:*:* cpe:2.3:h:zte:zxa10_f821:-:*:*:*:*:*:*:* cpe:2.3:h:zte:zxa10_f822p:-:*:*:*:*:*:*:* cpe:2.3:h:zte:zxa10_f809:-:*:*:*:*:*:*:* cpe:2.3:o:zte:zxa10_f819_firmware:1.2.1t5:*:*:*:*:*:*:* cpe:2.3:o:zte:zxa10_f839_firmware:1.1.0t8:*:*:*:*:*:*:* cpe:2.3:h:zte:zxa10_f832:-:*:*:*:*:*:*:* cpe:2.3:o:zte:zxa10_f832v2_firmware:2.00.00.01:*:*:*:*:*:*:* cpe:2.3:h:zte:zxa10_f822:-:*:*:*:*:*:*:* cpe:2.3:o:zte:zxa10_f832_firmware:1.1.1t7:*:*:*:*:*:*:* cpe:2.3:o:zte:zxa10_f809_firmware:3.2.1t1:*:*:*:*:*:*:* cpe:2.3:o:zte:zxa10_f821_firmware:1.7.0p3t22:*:*:*:*:*:*:* cpe:2.3:h:zte:zxa10_f819:-:*:*:*:*:*:*:* cpe:2.3:o:zte:zxa10_f822p_firmware:1.1.1t7:*:*:*:*:*:*:* cpe:2.3:o:zte:zxa10_f822_firmware:1.4.3t6:*:*:*:*:*:*:* cpe:2.3:h:zte:zxa10_f839:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
References | (MISC) https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524 - Vendor Advisory |
28 May 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-28 12:15
Updated : 2024-11-21 05:48
NVD link : CVE-2021-21734
Mitre link : CVE-2021-21734
CVE.ORG link : CVE-2021-21734
JSON object : View
Products Affected
zte
- zxa10_f822_firmware
- zxa10_f832
- zxa10_f822p
- zxa10_f809
- zxa10_f819
- zxa10_f832v2
- zxa10_f822p_firmware
- zxa10_f822
- zxa10_f821_firmware
- zxa10_f832_firmware
- zxa10_f809_firmware
- zxa10_f819_firmware
- zxa10_f821
- zxa10_f839_firmware
- zxa10_f839
- zxa10_f832v2_firmware
CWE
CWE-312
Cleartext Storage of Sensitive Information