CVE-2021-21723 – A memory leak vulnerability in ZTE ZXR10 series... (How to Fix)

Q: What is the severity of CVE-2021-21723?

CVE-2021-21723 has a CVSS score of 7.5 (HIGH). A memory leak vulnerability in ZTE ZXR10 series routers allows remote attackers to cause denial of service by performing specific operations that trigger improper memory release handling. This affects ZXR10 9904, 9908, 9916, 9904-S, and 9908-S routers. The vulnerability can eventually lead to device crashes due to memory exhaustion.

📋 TL;DR

A memory leak vulnerability in ZTE ZXR10 series routers allows remote attackers to cause denial of service by performing specific operations that trigger improper memory release handling. This affects ZXR10 9904, 9908, 9916, 9904-S, and 9908-S routers. The vulnerability can eventually lead to device crashes due to memory exhaustion.

💻 Affected Systems

Products:

ZXR10 9904
ZXR10 9908
ZXR10 9916
ZXR10 9904-S
ZXR10 9908-S

Versions: All versions up to V1.01.10.B12

Operating Systems: ZTE proprietary OS

Default Config Vulnerable: ⚠️ Yes

Notes: All affected products in default configuration are vulnerable; specific triggering scenarios required but accessible remotely

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash requiring physical reboot, disrupting all network services through affected routers

🟠

Likely Case

Progressive performance degradation leading to intermittent service disruptions

🟢

If Mitigated

Minimal impact if devices are behind firewalls with restricted access and proper monitoring

🌐 Internet-Facing: HIGH - Remote attackers can exploit without authentication if devices are exposed

🏢 Internal Only: MEDIUM - Requires internal network access but still exploitable remotely

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires specific sequence of operations but no authentication; no public exploit code known

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after V1.01.10.B12

Vendor Advisory: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424

Restart Required: Yes

Instructions:

1. Download firmware update from ZTE support portal. 2. Backup current configuration. 3. Upload and apply firmware update via management interface. 4. Reboot device. 5. Verify new version is running.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to management interfaces using firewall rules

Monitoring and Alerting

all

Implement memory usage monitoring with alerts for abnormal patterns

🧯 If You Can't Patch

Isolate affected devices in separate network segments with strict access controls
Implement aggressive memory monitoring and automated restart thresholds

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via CLI: 'show version' and compare against vulnerable versions

Check Version:

show version

Verify Fix Applied:

Verify firmware version is above V1.01.10.B12 and monitor for memory leak patterns

📡 Detection & Monitoring

Log Indicators:

Memory allocation errors
Abnormal memory usage patterns
Process restart logs

Network Indicators:

Unusual traffic patterns to management interfaces
Service disruption patterns

SIEM Query:

source="zte-router" (memory_usage>90% OR "out of memory" OR "memory leak")

📊 Metadata

CVE ID: CVE-2021-21723

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

Published: January 26, 2021

Last Updated: November 21, 2024

🔗 References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424 Vendor Advisory
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-21723, you might also want to check these: