CVE-2021-47740

Summary

KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.

Affected Software

VendorProductVersion RangeStatus
KZ Broadband Technologies, Ltd.JT3500V2.0.1B1064affected
KZ Broadband Technologies, Ltd.JT3500V2.0.1B1047affected
KZ Broadband Technologies, Ltd.AM6200M2.0.0B3210affected
KZ Broadband Technologies, Ltd.AM6000N2.0.0B3042affected
KZ Broadband Technologies, Ltd.AM5000W2.0.0B3037affected
KZ Broadband Technologies, Ltd.AM4200M2.0.0B2996affected
KZ Broadband Technologies, Ltd.AM4100V2.0.0B2988affected
KZ Broadband Technologies, Ltd.AM3500MW2.0.0B1092affected
KZ Broadband Technologies, Ltd.AM3410V2.0.0B1085affected
KZ Broadband Technologies, Ltd.AM3300V2.0.0B1060affected
KZ Broadband Technologies, Ltd.AM3100E2.0.0B981affected
KZ Broadband Technologies, Ltd.AM3100V2.0.0B946affected
KZ Broadband Technologies, Ltd.AM3000M2.0.0B21affected
KZ Broadband Technologies, Ltd.KZ7621U2.0.0B14affected
KZ Broadband Technologies, Ltd.KZ3220M2.0.0B04affected
KZ Broadband Technologies, Ltd.KZ3120R2.0.0B01affected

Weaknesses

  • CWE-613: Insufficient Session Expiration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References