Zxr10 9904 Firmware
CVE-2021-21723
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.
AnalysisAI
Some ZTE products have a DoS vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12. Affected products include: Zte Zxr10 9904 Firmware, Zte Zxr10 9908 Firmware, Zte Zxr10 9916 Firmware, Zte Zxr10 9904-S Firmware, Zte Zxr10 9908-S Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.
Same weakness CWE-401 – Memory Leak
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today