Encryption Problem in Some ZTE Products

Original release date: May 25, 2021
 

 

CVE ID

CVE-2021-21734

 

CVSS 3.1 Base Score

2.1 Low AV:A/AC:L/PR:R/UI:R/S:U/C:L/I:N/A:N)

 
Description

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command.

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

ZXA10 F821

ZXA10 F821 V1.7.0P3T22

ZXA10 F821 V1.7.0P3T25

ZXA10 F822

ZXA10 F822 V1.4.3T6

ZXA10 F822 V1.4.4T2

ZXA10 F819

ZXA10 F819 V1.2.1T5

ZXA10 F819 V1.2.1T6

ZXA10 F832

ZXA10 F832 V1.1.1T7

ZXA10 F832 V1.1.1T8

ZXA10 F839

ZXA10 F839 V1.1.0T8

ZXA10 F839 V1.1.0T9

ZXA10 F809

ZXA10 F809 V3.2.1T1

ZXA10 F809 V3.2.1T2

ZXA10 F822p

ZXA10 F822P V1.1.1T7

ZXA10 F822P V1.1.1T8

ZXA10 F832V2

ZXA10 F832 V2.00.00.01

ZXA10 F832 V2.00.00.02

 

Source

The vulnerability was found by ZTE's internal test.

 

Update Records

May 25, 2021, initial.

 

Supporting team contacts

1.  ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2.  Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.