← Back

CVE-2021-21723

nvd nist
Published: Jan 26, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.

Affected (5)

Zte
5 products
Zxr10 9904 Firmware
Zxr10 9908 Firmware
Zxr10 9916 Firmware
Zxr10 9904 S Firmware
Zxr10 9908 S Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zxr10 9904 Firmware
Up to v1.01.10.b12
Running on/withPlatform Versions
Zte
Zxr10 9904
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zxr10 9908 Firmware
Up to v1.01.10.b12
Running on/withPlatform Versions
Zte
Zxr10 9908
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zxr10 9916 Firmware
Up to v1.01.10.b12
Running on/withPlatform Versions
Zte
Zxr10 9916
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zxr10 9904 S Firmware
Up to v1.01.10.b12
Running on/withPlatform Versions
Zte
Zxr10 9904 S
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zxr10 9908 S Firmware
Up to v1.01.10.b12
Running on/withPlatform Versions
Zte
Zxr10 9908 S
All versions

Related CWEs

CWE-401
Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

Source: psirt@zte.com.cn
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.