First published: Fri May 28 2021(Updated: )
Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01
Credit: psirt@zte.com.cn
Affected Software | Affected Version | How to fix |
---|---|---|
Zte Zxa10 F821 Firmware | =1.7.0p3t22 | |
Zte Zxa10 F821 | ||
Zte Zxa10 F822 Firmware | =1.4.3t6 | |
Zte Zxa10 F822 | ||
Zte Zxa10 F819 Firmware | =1.2.1t5 | |
Zte Zxa10 F819 | ||
Zte Zxa10 F832 Firmware | =1.1.1t7 | |
Zte Zxa10 F832 | ||
Zte Zxa10 F839 Firmware | =1.1.0t8 | |
Zte Zxa10 F839 | ||
Zte Zxa10 F809 Firmware | =3.2.1t1 | |
Zte Zxa10 F809 | ||
Zte Zxa10 F822p Firmware | =1.1.1t7 | |
Zte Zxa10 F822p | ||
Zte Zxa10 F832v2 Firmware | =2.00.00.01 | |
Zte Zxa10 F832v2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for the ZTE PON MDU devices is CVE-2021-21734.
The ZTE PON MDU devices affected by this vulnerability are ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1.
The severity of CVE-2021-21734 is medium with a severity score of 6.5.
This vulnerability allows users with login authority to obtain sensitive information stored in plaintext on the affected ZTE PON MDU devices.
You can find more information about CVE-2021-21734 on the ZTE support website: [Link](https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524).