CVE-2021-21723

HIGH

ZTE Zxr10 9904 Firmware < v1.01.10.b12 - Memory Leak

Title source: rule

Description

Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.

References (1)

[Vendor Advisory] http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424

Scores

CVSS v3 7.5

EPSS 0.0056

EPSS Percentile 68.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (5)

zte/zxr10_9904_firmware < v1.01.10.b12

zte/zxr10_9908_firmware < v1.01.10.b12

zte/zxr10_9916_firmware < v1.01.10.b12

zte/zxr10_9904-s_firmware < v1.01.10.b12

zte/zxr10_9908-s_firmware < v1.01.10.b12

Timeline

Published Jan 26, 2021

Tracked Since Feb 18, 2026