PT-2021-14745 · Zte · Zxa10 F832+5
Published
2021-05-28
·
Updated
2021-06-10
·
CVE-2021-21734
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ZTE PON MDU device ZXA10 F821 version 1.7.0P3T22
ZTE PON MDU device ZXA10 F822 version 1.4.3T6
ZTE PON MDU device ZXA10 F819 version 1.2.1T5
ZTE PON MDU device ZXA10 F832 version 1.1.1T7
ZTE PON MDU device ZXA10 F839 version 1.1.0T8
ZTE PON MDU device ZXA10 F809 version 3.2.1T1
ZTE PON MDU device ZXA10 F822P version 1.1.1T7
ZTE PON MDU device ZXA10 F832 version 2.00.00.01
Description
Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputting a command.
Recommendations
For ZTE PON MDU device ZXA10 F821 version 1.7.0P3T22, update to a version that stores sensitive information securely.
For ZTE PON MDU device ZXA10 F822 version 1.4.3T6, update to a version that stores sensitive information securely.
For ZTE PON MDU device ZXA10 F819 version 1.2.1T5, update to a version that stores sensitive information securely.
For ZTE PON MDU device ZXA10 F832 version 1.1.1T7, update to a version that stores sensitive information securely.
For ZTE PON MDU device ZXA10 F839 version 1.1.0T8, update to a version that stores sensitive information securely.
For ZTE PON MDU device ZXA10 F809 version 3.2.1T1, update to a version that stores sensitive information securely.
For ZTE PON MDU device ZXA10 F822P version 1.1.1T7, update to a version that stores sensitive information securely.
For ZTE PON MDU device ZXA10 F832 version 2.00.00.01, update to a version that stores sensitive information securely.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zxa10 F809
Zxa10 F819
Zxa10 F821
Zxa10 F822
Zxa10 F832
Zxa10 F839