CVE-2021-21745

MEDIUM EXPLOITED NUCLEI

ZTE Mf971r Firmware - CSRF

Title source: rule

Description

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click.

Nuclei Templates (1)

ZTE MF971R - Referer authentication bypass

MEDIUMby gy741

References (1)

[Vendor Advisory] https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764

Scores

CVSS v3 4.3

EPSS 0.3641

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

VulnCheck KEV 2024-01-22

CWE

CWE-352

Status published

Products (5)

zte/mf971r_firmware v1.0.0b05

zte/mf971r_firmware 1v1.0.0b06

zte/mf971r_firmware 2v1.0.0b03

zte/mf971r_firmware s2v1.0.0b03

zte/mf971r_firmware sv1.0.0b05

Published Oct 20, 2021

Tracked Since Feb 18, 2026