Original release date: August 30, 2021

CVE ID: CVE-2021-21741

CVSS 3.1 Base Score: 8.1 High (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L)

Description

There is a command execution vulnerability in a ZTE conference management system. Because some services are enabled by default, an attacker could exploit this vulnerability to execute arbitrary commands by sending a specific serialization command.

Affected Products and Fixes

| Product Name | Affected Versions | Resolved Version |
| --- | --- | --- |
| ZXV10 MS90, ZXV10 M9000C, ZXV10 M910 | V1.2.20.01 series and earlier versions; V1.2.21.01 and V1.2.21.01P01-P07 | V1.2.21.03P06 |
| ZXV10 MS90, ZXV10 M9000C, ZXV10 M910 | V1.2.22.01 series | V2.22.10 |
| ZXV10 M900 | V1.2.19.01 series and earlier versions | This product is end-of-life; we recommend that users choose the alternative product ZXV10 M910. Users can also contact ZTE Global Customer Support Center to obtain the security hardening guidebook and modify the configuration to fix the vulnerability. Operator customers, please dial 4008301118 (mobile phone) or 8008301118 (landline phone). Government and enterprise customers, please dial 4008309870 (mobile phone) or 8008309870 (landline phone). |

Acknowledgement

Thanks to China National Vulnerability Database (CNVD) for reporting the security vulnerability to ZTE PSIRT.

Update Records

August 30, 2021, initial.
May 26, 2023, updated affected products and fixes.

Version Update Method

Please contact ZTE Global Customer Support Center to obtain the upgraded version.

Global Customer Support Center: http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

ZTE PSIRT: https://www.zte.com.cn/global/cybersecurity/ztepsirt.html