First published: Fri Apr 09 2021(Updated: )
A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8.
Credit: psirt@zte.com.cn
Affected Software | Affected Version | How to fix |
---|---|---|
Zte Zxa10 C300m Firmware | <4.5 | |
Zte Zxa10 C300m |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-21728 is a configuration error vulnerability in a ZTE product that allows an attacker to consume system processing resources by flooding a certain port with a large number of packets.
CVE-2021-21728 affects ZTE Zxa10 C300m Firmware versions up to but not including 4.5, allowing an attacker to reduce the system's processing capabilities by exploiting the vulnerability.
CVE-2021-21728 has a severity level of 5.3 (medium).
To fix CVE-2021-21728 in ZTE Zxa10 C300m Firmware, update to the latest version (4.5 or higher) which contains a fix for the vulnerability.
You can find more information about CVE-2021-21728 in ZTE's official advisory at [link](https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014784).