Vulnerabilities > CVE-2021-21723 - Memory Leak vulnerability in ZTE products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

zte

CWE-401

NVD

Published: 2021-01-26

Updated: 2024-11-21

Summary

Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.

Vulnerable Configurations

Part	Description	Count
OS	Zte ZTE Zxr10 9904 Firmware - ZTE Zxr10 9904 Firmware V1.01.10.B12 ZTE Zxr10 9908 Firmware - ZTE Zxr10 9908 Firmware V1.01.10.B12 ZTE Zxr10 9916 Firmware - ZTE Zxr10 9916 Firmware V1.01.10.B12 ZTE Zxr10 9904 S Firmware - ZTE Zxr10 9904 S Firmware V1.01.10.B12 ZTE Zxr10 9908 S Firmware - ZTE Zxr10 9908 S Firmware V1.01.10.B12	10
Hardware	Zte ZTE Zxr10 9904 - ZTE Zxr10 9908 - ZTE Zxr10 9916 - ZTE Zxr10 9904 S - ZTE Zxr10 9908 S -	5

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References