CVE-2021-47740

HIGH

KZTech JT3500V - Privilege Escalation


Description

KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability: session credentials are not properly expired, so attackers can reuse old ones. Attackers can exploit this weak session handling to maintain unauthorized access and potentially compromise the device's authentication mechanisms.

References (7)

Core References
Third Party Advisory: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5646.php
Exploit, Third Party Advisory: https://packetstormsecurity.com/files/161892/
Third Party Advisory, VDB Entry: https://exchange.xforce.ibmcloud.com/vulnerabilities/198471
Various Sources (product): https://www.jatontech.com/
Various Sources (product): https://neotel.mk/
Various Sources (product): http://www.kzbtech.com/

Scores

CVSS v3 7.5
EPSS 0.0038
EPSS Percentile 29.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-613
Status published
Products (16)
KZ Broadband Technologies, Ltd./AM3000M 2.0.0B21
KZ Broadband Technologies, Ltd./AM3100E 2.0.0B981
KZ Broadband Technologies, Ltd./AM3100V 2.0.0B946
KZ Broadband Technologies, Ltd./AM3300V 2.0.0B1060
KZ Broadband Technologies, Ltd./AM3410V 2.0.0B1085
KZ Broadband Technologies, Ltd./AM3500MW 2.0.0B1092
KZ Broadband Technologies, Ltd./AM4100V 2.0.0B2988
KZ Broadband Technologies, Ltd./AM4200M 2.0.0B2996
KZ Broadband Technologies, Ltd./AM5000W 2.0.0B3037
KZ Broadband Technologies, Ltd./AM6000N 2.0.0B3042
... and 6 more
Published Dec 31, 2025
Tracked Since Feb 18, 2026