CVE-2021-21739 — MEDIUM (4.6)

Vulnerability Description

A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and detection, thus affecting signal transmission. This affects: <ZXCTN 6120H><V5.10.00B24>

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Zte	Zxctn 6120H Firmware	5.10.00b24
Zte	Zxctn 6120H	-

Related Weaknesses (CWE)

CWE-345

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017024Vendor Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017024Vendor Advisory

FAQ

What is CVE-2021-21739?

CVE-2021-21739 is a vulnerability with a CVSS score of 4.6 (MEDIUM). A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optic...

How severe is CVE-2021-21739?

CVE-2021-21739 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-21739?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxctn 6120H Firmware, Zte Zxctn 6120H.