CRLF Injection Vulnerability in ZTE MF971R Product
CVE-2021-21743

4.3MEDIUM

Key Information:

Vendor: Zte
Status: Mf971r
Vendor: CVE Published:; 20 October 2021

What is CVE-2021-21743?

The ZTE MF971R product is susceptible to a CRLF injection vulnerability that allows attackers to manipulate HTTP response headers. By crafting a malicious HTTP request, an attacker could exploit this vulnerability to alter server behavior or redirect users unwittingly. This security flaw poses a significant risk to the integrity and confidentiality of data transmitted through affected devices.

Affected Version(s)

MF971R BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05

References

https://support.zte.com.cn/support/news/LoopholeInfoDetai...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Jan 4, 2021

JSON

Zte

What is CVE-2021-21743?

Affected Version(s)

References

CVSS V3.1

Timeline