exploitDog

CVE-2021-21739

Опубликовано: 05 авг. 2021

Источник: nvd

CVSS3: 4.6

CVSS2: 2.1

EPSS Низкий

Описание

A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and detection, thus affecting signal transmission. This affects: <ZXCTN 6120H><V5.10.00B24>

Ссылки

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017024
Vendor Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017024
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:zte:zxctn_6120h_firmware:5.10.00b24:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxctn_6120h:-:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00022

Низкий

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-345

Связанные уязвимости

GHSA-2r85-x553-vqw2

github

больше 3 лет назад

A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and detection, thus affecting signal transmission. This affects: <ZXCTN 6120H><V5.10.00B24>

EPSS

Процентиль: 5%

0.00022

Низкий

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-345