Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00138.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a ZTE PON MDU devices affected
Version Status Constraints
ZXA10 F821 V1.7.0P3T22,ZXA10 F822 V1.4.3T6,ZXA10 F819 V1.2.1T5,ZXA10 F832 V1.1.1T7,ZXA10 F839 V1.1.0T8,ZXA10 F809 V3.2.1T1,ZXA10 F822P V1.1.1T7,ZXA10 F832 V2.00.00.01 affected

Configuration 1 [-]

AND
cpe:2.3:o:zte:zxa10_f821_firmware:1.7.0p3t22:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f821:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:zte:zxa10_f822_firmware:1.4.3t6:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f822:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:zte:zxa10_f819_firmware:1.2.1t5:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f819:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:zte:zxa10_f832_firmware:1.1.1t7:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f832:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:zte:zxa10_f839_firmware:1.1.0t8:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f839:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:zte:zxa10_f809_firmware:3.2.1t1:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f809:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:zte:zxa10_f822p_firmware:1.1.1t7:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f822p:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:zte:zxa10_f832v2_firmware:2.00.00.01:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxa10_f832v2:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Zte Subscribe
Zxa10 F809 Subscribe
Zxa10 F809 Firmware Subscribe
Zxa10 F819 Subscribe
Zxa10 F819 Firmware Subscribe
Zxa10 F821 Subscribe
Zxa10 F821 Firmware Subscribe
Zxa10 F822 Subscribe
Zxa10 F822 Firmware Subscribe
Zxa10 F822p Subscribe
Zxa10 F822p Firmware Subscribe
Zxa10 F832 Subscribe
Zxa10 F832 Firmware Subscribe
Zxa10 F832v2 Subscribe
Zxa10 F832v2 Firmware Subscribe
Zxa10 F839 Subscribe
Zxa10 F839 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2021-8906 Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: zte

Published:

Updated: 2024-08-03T18:23:29.232Z

Reserved: 2021-01-04T00:00:00

Link: CVE-2021-21734

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-05-28T12:15:07.603

Modified: 2024-11-21T05:48:54.243

Link: CVE-2021-21734

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses