Insufficient Verification of Data reliability in a ZTE's Product

Original release date:  July 28, 2021

 

CVE ID

CVE-2021-21739

 

CVSS 3.1 Base Score

2.6 LowAV:P/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

 

Description

A ZTEs product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and detection, thus affecting signal transmission.

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

ZXCTN 6120H

 V5.10.00B24

V5.10.00B27

 

Source

The vulnerability was found by ZTE's internal test.

 

Update Records

July 28, 2021, initial. 

 

Supporting team contacts

1.  ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2.  Product forum at ZTE Support website. 

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.