CVE Vulnerability

CVE-2021-21739

A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and detection, thus affecting signal transmission. This affects:

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

4.6 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017024 Vendor Advisory
Configurations

Configuration 1
Information

Published : 2021-08-05 08:15

Updated : 2021-08-12 02:50

NVD link : CVE-2021-21739

Mitre link : CVE-2021-21739

Products Affected
No products.
CWE
CWE-345