CVE-2021-21726
LOWZTE ZXONE 9700, 8700, and 19700 Firmware - Denial of Service via Diagnostic Function Parameter Injection
Title source: llmDescription
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664
Scores
CVSS v3
2.3
EPSS
0.0005
EPSS Percentile
16.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-20
Status
published
Products (3)
zte/zxone_19700_firmware
1.0p02b219_\@ncpm-release_2.40r1-20200914.set
zte/zxone_8700_firmware
1.40.021.021cp049
zte/zxone_9700_firmware
1.40.021.021cp049
Published
Mar 12, 2021
Tracked Since
Feb 18, 2026