Vulnerabilities > CVE-2021-21723 - Memory Leak vulnerability in ZTE products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

zte

CWE-401

NVD

Published: 2021-01-26

Updated: 2021-02-02

Summary

Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12.

Vulnerable Configurations

Part	Description	Count
OS	Zte ZTE Zxr10 9904 Firmware * ZTE Zxr10 9908 Firmware * ZTE Zxr10 9916 Firmware * ZTE Zxr10 9904 S Firmware * ZTE Zxr10 9908 S Firmware *	5
Hardware	Zte ZTE Zxr10 9904 - ZTE Zxr10 9908 - ZTE Zxr10 9916 - ZTE Zxr10 9904 S - ZTE Zxr10 9908 S -	5

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424