|
Initial release date: March 10, 2021 CVE ID CVE-2021-21726 CVSS 3.1 Base Score 1.9 Low(AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L) Description Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZXONE 9700 ZXONE 8700 | V1.40.021.021CP049 | V1.40.040.100_M2SNPE | ZXONE 19700 | V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set | V1.0P02B224_@NCPM-RELEASE_2.40R1-20201208.set V1.0P02B224C16_@NCPM.set |
Source The vulnerability was found by ZTE's internal test. Update Records March 10, 2021, initial. Supporting team contacts 1. ZTE GCSC hotline: 0755-26770800 800-830-1118 400-830-1118 2. Product forum at ZTE Support website. ZTE PSIRT If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
|