CSRF Vulnerability in ZTE Management Page Affects ZXCLOUD iRAI
CVE-2021-21731

8.1HIGH

Key Information:

Vendor: Zte
Status: Zxcloud Irai
Vendor: CVE Published:; 13 April 2021

What is CVE-2021-21731?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the management page of ZTE's ZXCLOUD iRAI product. This issue arises from inadequate verification of incoming requests, enabling an attacker to send malicious requests that could lead to unauthorized data deletion on the affected device. This vulnerability affects all versions of ZXCLOUD iRAI up to KVM-ProductV6.03.04, offering an opportunity for exploitation if proper security measures are not implemented.

Affected Version(s)

ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04

References

https://support.zte.com.cn/support/news/LoopholeInfoDetai...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2021
Vulnerability Reserved
Jan 4, 2021

Zte

What is CVE-2021-21731?

Affected Version(s)

References

CVSS V3.1

Timeline