DoS Vulnerability in a ZTE Product

Initial release date: March 29, 2021

 

CVE ID

CVE-2021-21727

 

CVSS 3.1 Base Score

8.6 High

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

 

Description

A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service.

 

Affected Products and Fixes

| Product Name | Affected Version | Resolved Version |
| --- | --- | --- |
| ZXHN F623 | All versions up to V6.0.0P3T33 | V6.0.0P3T34 |

 

Acknowledgement

ZTE thanks Xiang Li of NISL Lab @ Tsinghua University for paying attention to our products and cooperating with us to disclose the vulnerability.

 

Update Records

March 29, 2021, initial.

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.