CVE-2021-21726

low-risk
Published 2021-03-12

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.3/10 Low
LOCAL / LOW complexity

Affected Products (3)

Zxone 9700 Firmware
Zxone 8700 Firmware
Zxone 19700 Firmware

Affected Vendors

Zte

References (2)

Vendor Advisory http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664
Vendor Advisory http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664
19
/ 100
low-risk
Severity 10/34 · Low
Exploitability 0/34 · Minimal
Exposure 9/34 · Low