CVE-2021-21734 Information

Description

Some PON MDU devices of ZTE stored sensitive information in plaintext and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22 ZXA10 F822 V1.4.3T6 ZXA10 F819 V1.2.1T5 ZXA10 F832 V1.1.1T7 ZXA10 F839 V1.1.0T8 ZXA10 F809 V3.2.1T1 ZXA10 F822P V1.1.1T7 ZXA10 F832 V2.00.00.01

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5