Configuration Error Vulnerability in A ZTE Product

Initial release date:  April 9, 2021

 

CVE ID

CVE-2021-21728

 

CVSS 3.1 Base Score

3.1 Low (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

 

Description

A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities.

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

ZXA10 C300M

all versions up to V4.3P8

V4.5

 

Source

The vulnerability was found by ZTE's internal test.

 

Update Records

April 9, 2021, initial.

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.

[Close]