Session Management Vulnerability in KZTech JT3500V 4G LTE CPE
CVE-2021-47740

6.9MEDIUM

Key Information:

Vendor

Kz Broadband Technologies, Ltd.

Status
Jt3500v
Am6200m
Am6000n
Am5000w
Vendor
CVE Published:
31 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2021-47740?

The KZTech JT3500V 4G LTE CPE (version 2.0.1) is affected by a vulnerability that allows attackers to exploit inadequate session expiration controls. This flaw permits the reuse of old session credentials, enabling unauthorized users to maintain access and potentially compromise the authentication mechanisms of the device. Such vulnerabilities highlight the importance of robust session management practices to prevent unauthorized access and protect sensitive information.

Affected Version(s)

AM3000M 2.0.0B21

AM3100E 2.0.0B981

AM3100V 2.0.0B946

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-47740 - Proof of Concept

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-56...
third-party-advisory
https://packetstormsecurity.com/files/161892/
exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/198471
vdb-entry

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

LiquidWorm as Gjoko Krstic of Zero Science Lab
JSON
.
CVE-2021-47740 : Session Management Vulnerability in KZTech JT3500V 4G LTE CPE