PT-2021-14734 · Zte · Zte Zxr10 9916+2
Published
2021-01-21
·
Updated
2021-02-02
·
CVE-2021-21723
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
ZTE ZXR10 9904 versions up to V1.01.10.B12
ZTE ZXR10 9908 versions up to V1.01.10.B12
ZTE ZXR10 9916 versions up to V1.01.10.B12
ZTE ZXR10 9904-S versions up to V1.01.10.B12
ZTE ZXR10 9908-S versions up to V1.01.10.B12
Description
The issue arises from the improper handling of memory release in specific scenarios, allowing a remote attacker to trigger a memory leak by performing a series of operations. This can eventually lead to device denial of service.
Recommendations
For ZTE ZXR10 9904 versions up to V1.01.10.B12, update to a version later than V1.01.10.B12.
For ZTE ZXR10 9908 versions up to V1.01.10.B12, update to a version later than V1.01.10.B12.
For ZTE ZXR10 9916 versions up to V1.01.10.B12, update to a version later than V1.01.10.B12.
For ZTE ZXR10 9904-S versions up to V1.01.10.B12, update to a version later than V1.01.10.B12.
For ZTE ZXR10 9908-S versions up to V1.01.10.B12, update to a version later than V1.01.10.B12.
Fix
Memory Leak
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zte Zxr10 9904
Zte Zxr10 9908
Zte Zxr10 9916