CVE-2021-47740 (GCVE-0-2021-47740)
Vulnerability from cvelistv5 – Published: 2025-12-31 18:40 – Updated: 2026-01-02 20:42
Title
KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability
Summary
KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.
Severity ?
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags |
|---|---|
Impacted products
| Vendor | Product | Version |
|---|---|---|
| KZ Broadband Technologies, Ltd. | JT3500V | Affected: 2.0.1B1064; Affected: 2.0.1B1047 |
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47740",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T20:42:28.575250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T20:42:41.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "JT3500V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.1B1064"
},
{
"status": "affected",
"version": "2.0.1B1047"
}
]
},
{
"product": "AM6200M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B3210"
}
]
},
{
"product": "AM6000N",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B3042"
}
]
},
{
"product": "AM5000W",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B3037"
}
]
},
{
"product": "AM4200M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B2996"
}
]
},
{
"product": "AM4100V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B2988"
}
]
},
{
"product": "AM3500MW",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B1092"
}
]
},
{
"product": "AM3410V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B1085"
}
]
},
{
"product": "AM3300V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B1060"
}
]
},
{
"product": "AM3100E",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B981"
}
]
},
{
"product": "AM3100V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B946"
}
]
},
{
"product": "AM3000M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B21"
}
]
},
{
"product": "KZ7621U",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B14"
}
]
},
{
"product": "KZ3220M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B04"
}
]
},
{
"product": "KZ3120R",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B01"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2021-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T18:40:53.590Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2021-5646)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5646.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/161892/"
},
{
"name": "IBM X-Force Vulnerability Exchange Entry",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198471"
},
{
"name": "KZ TECH Vendor Homepage",
"tags": [
"product"
],
"url": "http://www.kzbtech.com/"
},
{
"name": "JATON TEC Homepage",
"tags": [
"product"
],
"url": "https://www.jatontech.com/"
},
{
"name": "Neotel Vendor Homepage",
"tags": [
"product"
],
"url": "https://neotel.mk/"
},
{
"name": "VulnCheck Advisory: KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/kztech-jtv-g-lte-cpe-insufficient-session-expiration-vulnerability"
}
],
"title": "KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47740",
"datePublished": "2025-12-31T18:40:53.590Z",
"dateReserved": "2025-12-23T13:24:04.581Z",
"dateUpdated": "2026-01-02T20:42:41.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-47740\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-12-31T19:15:42.103\",\"lastModified\":\"2025-12-31T20:42:15.637\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NO
T_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]}],\"references\":[{\"url\":\"http://www.kzbtech.com/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/198471\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://neotel.mk/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://packetstormsecurity.com/files/161892/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.jatontech.com/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.vulncheck.com/advisories/kztech-jtv-g-lte-cpe-insufficient-session-expiration-vulnerability\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5646.php\",\"source\":\"disclosure@vulncheck.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-47740\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-02T20:42:28.575250Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-02T20:42:31.477Z\"}}], \"cna\": {\"title\": \"KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"LiquidWorm as Gjoko Krstic of Zero Science Lab\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", 
\"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"JT3500V\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.1B1064\"}, {\"status\": \"affected\", \"version\": \"2.0.1B1047\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"AM6200M\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B3210\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"AM6000N\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B3042\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"AM5000W\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B3037\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"AM4200M\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B2996\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"AM4100V\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B2988\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"AM3500MW\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B1092\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"AM3410V\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B1085\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"AM3300V\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B1060\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"AM3100E\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B981\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"AM3100V\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B946\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"AM3000M\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B21\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"KZ7621U\", \"versions\": 
[{\"status\": \"affected\", \"version\": \"2.0.0B14\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"KZ3220M\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B04\"}]}, {\"vendor\": \"KZ Broadband Technologies, Ltd.\", \"product\": \"KZ3120R\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0B01\"}]}], \"datePublic\": \"2021-03-18T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5646.php\", \"name\": \"Zero Science Lab Disclosure (ZSL-2021-5646)\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://packetstormsecurity.com/files/161892/\", \"name\": \"Packet Storm Security Exploit Entry\", \"tags\": [\"exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/198471\", \"name\": \"IBM X-Force Vulnerability Exchange Entry\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"http://www.kzbtech.com/\", \"name\": \"KZ TECH Vendor Homepage\", \"tags\": [\"product\"]}, {\"url\": \"https://www.jatontech.com/\", \"name\": \"JATON TEC Homepage\", \"tags\": [\"product\"]}, {\"url\": \"https://neotel.mk/\", \"name\": \"Neotel Vendor Homepage\", \"tags\": [\"product\"]}, {\"url\": \"https://www.vulncheck.com/advisories/kztech-jtv-g-lte-cpe-insufficient-session-expiration-vulnerability\", \"name\": \"VulnCheck Advisory: KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. 
Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-613\", \"description\": \"Insufficient Session Expiration\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-12-31T18:40:53.590Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-47740\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-02T20:42:41.864Z\", \"dateReserved\": \"2025-12-23T13:24:04.581Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-12-31T18:40:53.590Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.