Input Validation Vulnerability in Some ZTE Products

Initial release date:  March 10, 2021

 

CVE ID

CVE-2021-21726

 

CVSS 3.1 Base Score

1.9 Low, AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

 

Description

Some ZTE products have an input validation vulnerability in the diagnostic function interface. Because some user-supplied parameters are insufficiently validated, an attacker with high privileges can cause a process exception by repeatedly inputting illegal parameters.

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

ZXONE 9700

ZXONE 8700

V1.40.021.021CP049 

V1.40.040.100_M2SNPE

ZXONE 19700

V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set

V1.0P02B224_@NCPM-RELEASE_2.40R1-20201208.set

V1.0P02B224C16_@NCPM.set

 

Source

The vulnerability was found through ZTE's internal testing.

 

Update Records

March 10, 2021: initial release.

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
