CVE-2021-21731: CSRF
First published: Tue Apr 13 2021(Updated: )
A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04
Credit: psirt@zte.com.cn
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zte Zxcloud Irai Firmware | <6.03.04 | |
| ZTE ZXCLOUD iRAI |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this CSRF vulnerability?
The vulnerability ID for this CSRF vulnerability is CVE-2021-21731.
What is the severity level of CVE-2021-21731?
The severity level of CVE-2021-21731 is high (8.1).
How does the CSRF vulnerability in CVE-2021-21731 occur?
The CSRF vulnerability in CVE-2021-21731 occurs because the management page of the ZTE product does not fully verify whether the request comes from a trusted user.
What are the affected software versions of CVE-2021-21731?
The affected software version for CVE-2021-21731 is Zte Zxcloud Irai Firmware up to and excluding version 6.03.04.
How can an attacker exploit CVE-2021-21731?
An attacker can exploit CVE-2021-21731 by submitting a malicious request to the affected device to delete the data.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/event
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/zte
- canonical/zte zxcloud irai firmware
- canonical/zte zxcloud irai