Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-21739

A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and detection, thus affecting signal transmission. This affects: <ZXCTN 6120H><V5.10.00B24>

Published

2021-08-05T20:15:07.703

Last Modified

2024-11-21T05:48:54.873

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-345

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	zxctn_6120h_firmware	5.10.00b24	Yes
Hardware	zte	zxctn_6120h	-	No

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017024 Vendor Advisory ([email protected])
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017024 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)