CVE-2021-21734

MEDIUM

ZTE ZXA10 F821/F822/F819/F832/F839/F809/F822P - Authenticated Cleartext Storage of Sensitive Information

Title source: llm

Description

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524

Scores

CVSS v3 6.5

EPSS 0.0014

EPSS Percentile 33.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-312

Status published

Products (8)

zte/zxa10_f809_firmware 3.2.1t1

zte/zxa10_f819_firmware 1.2.1t5

zte/zxa10_f821_firmware 1.7.0p3t22

zte/zxa10_f822_firmware 1.4.3t6

zte/zxa10_f822p_firmware 1.1.1t7

zte/zxa10_f832_firmware 1.1.1t7

zte/zxa10_f832v2_firmware 2.00.00.01

zte/zxa10_f839_firmware 1.1.0t8

Published May 28, 2021

Tracked Since Feb 18, 2026