Login Sign Up

CVE-2021-21744

7.5 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability in ZTE MF971R devices allows attackers to modify configuration files, potentially disabling security functions. It affects users of this specific ZTE mobile hotspot product. The attack requires network access to the device's management interface.

💻 Affected Systems

Products:
  • ZTE MF971R
Versions: Specific versions unknown; all versions prior to patched firmware are likely affected.
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability involves configuration file control; default settings may expose the management interface.

📦 What is this software?

Mf971r Firmware by Zte

View all CVEs affecting Mf971r Firmware →

Mf971r Firmware by Zte

View all CVEs affecting Mf971r Firmware →

Mf971r Firmware by Zte

View all CVEs affecting Mf971r Firmware →

Mf971r Firmware by Zte

View all CVEs affecting Mf971r Firmware →

Mf971r Firmware by Zte

View all CVEs affecting Mf971r Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could disable all security features, gain full control of the device, intercept network traffic, or use it as a foothold for further attacks on connected networks.

🟠

Likely Case

Attackers modify configurations to disable security settings like firewalls or access controls, compromising device integrity and exposing connected devices to risks.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the device itself, preventing lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation likely requires network access to the device's configuration interface; details are limited in public sources.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Specific version not specified in references; check ZTE advisory for updated firmware.

Vendor Advisory: https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764

Restart Required: Yes

Instructions:

1. Access the ZTE support page for the advisory. 2. Download the latest firmware for MF971R. 3. Upload and apply the firmware via the device's management interface. 4. Reboot the device to complete the update.

🔧 Temporary Workarounds

Restrict Network Access

all

Limit access to the device's management interface to trusted IPs only.

Configure firewall rules to block external access to the device's admin port (e.g., port 80/443).

Change Default Credentials

all

Use strong, unique passwords for the device admin account to reduce risk if access is gained.

Log into the device's web interface and update the admin password in settings.

🧯 If You Can't Patch

  • Isolate the device on a separate network segment to limit potential damage.
  • Monitor network traffic to/from the device for unusual configuration changes or access attempts.

🔍 How to Verify

Check if Vulnerable:

Check if the device is a ZTE MF971R and if firmware version is outdated by logging into the admin interface and reviewing system info.

Check Version:

Log into the device's web interface and navigate to System > Firmware or similar to view the current version.

Verify Fix Applied:

After updating, verify the firmware version matches the patched release from ZTE's advisory and test configuration changes to ensure they are properly restricted.

📡 Detection & Monitoring

Log Indicators:

  • Unusual login attempts to the admin interface
  • Configuration file modification logs

Network Indicators:

  • Unexpected traffic to the device's management port from untrusted sources

SIEM Query:

Example: 'source_ip: [device_ip] AND (event_type: "config_change" OR event_type: "admin_login")'

📊 Metadata

CVE ID: CVE-2021-21744
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Published: October 20, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON