What is CVE-2021-21745?

CVE-2021-21745 is a vulnerability in Mf971r. Published 2021-10-20.

Is CVE-2021-21745 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mf971r

CVE-2021-21745

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click.

EPSS: 0.557 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a Mf971r — versions BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-21745?: CVE-2021-21745 is a vulnerability in Mf971r. Published 2021-10-20.
Is CVE-2021-21745 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.