First published: Fri Mar 12 2021
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Because some user-supplied parameters are insufficiently verified, an attacker with high privileges can cause a process exception by repeatedly inputting illegal parameters. This affects ZXONE 9700, ZXONE 8700 and ZXONE 19700, versions V1.40.021.021CP049 and V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set.
Credit: psirt@zte.com.cn
Affected Software | Affected Version | How to fix |
---|---|---|
ZTE ZXONE 9700 Firmware | =1.40.021.021cp049 | |
ZTE ZXONE 9700 | | |
ZTE ZXONE 8700 Firmware | =1.40.021.021cp049 | |
ZTE ZXONE 8700 | | |
ZTE ZXONE 19700 Firmware | =1.0p02b219_@ncpm-release_2.40r1-20200914.set | |
ZTE ZXONE 19700 | | |
CVE-2021-21726 is a vulnerability in ZTE products that allows an attacker with high privileges to cause a process exception by repeatedly inputting illegal parameters.
ZTE products affected by CVE-2021-21726 include ZXONE 9700, ZXONE 8700, and ZXONE 19700.
CVE-2021-21726 has a severity rating of low, with a score of 2.3.
An attacker with high privileges can exploit CVE-2021-21726 by repeatedly inputting illegal parameters in the diagnostic function interface of the affected ZTE products.
ZTE has released a security advisory detailing the vulnerability and recommending a software upgrade to address CVE-2021-21726.