CVE-2021-21734 - Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authorit

CVE-2021-21734

Summary

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524

Vulnerable Configurations

cpe:2.3:o:zte:zxa10_f821_firmware:1.7.0p3t22:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f821_firmware:1.7.0p3t22:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f821:-:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f821:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f822_firmware:1.4.3t6:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f822_firmware:1.4.3t6:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f822:-:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f822:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f819_firmware:1.2.1t5:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f819_firmware:1.2.1t5:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f819:-:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f819:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f832_firmware:1.1.1t7:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f832_firmware:1.1.1t7:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f832:-:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f832:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f839_firmware:1.1.0t8:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f839_firmware:1.1.0t8:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f839:-:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f839:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f809_firmware:3.2.1t1:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f809_firmware:3.2.1t1:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f809:-:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f809:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f822p_firmware:1.1.1t7:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f822p_firmware:1.1.1t7:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f822p:-:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f822p:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f832v2_firmware:2.00.00.01:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxa10_f832v2_firmware:2.00.00.01:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f832v2:-:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f832v2:-:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 10-06-2021 - 19:02)
Impact:
Exploitability:

CWE

CWE-312

CAPEC

Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:N/A:N

Last major update

10-06-2021 - 19:02

Published

28-05-2021 - 12:15

Last modified

10-06-2021 - 19:02