|
Initial release date: April 9, 2021 CVE ID CVE-2021-21731 CVSS 3.1 Base Score 6.4 Medium(AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H) Description A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZXCLOUD iRAI | All versions up to KVM-ProductV6.03.04 | KVM-ProductV6.03.04P1 |
Source The vulnerability was found by ZTE's internal test. Update Records April 9, 2021, initial. Supporting team contacts 1. ZTE GCSC hotline: 0755-26770800 800-830-1118 400-830-1118 2. Product forum at ZTE Support website. ZTE PSIRT If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
|