{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2021-47740", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-12-23T13:24:04.581Z", "datePublished": "2025-12-31T18:40:53.590Z", "dateUpdated": "2025-12-31T18:40:53.590Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-31T18:40:53.590Z"}, "datePublic": "2021-03-18T00:00:00.000Z", "title": "KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability", "descriptions": [{"lang": "en", "value": "KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Insufficient Session Expiration", "cweId": "CWE-613", "type": "CWE"}]}], "affected": [{"vendor": "KZ Broadband Technologies, Ltd.", "product": "JT3500V", "versions": [{"version": "2.0.1B1064", "status": "affected"}, {"version": "2.0.1B1047", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "AM6200M", "versions": [{"version": "2.0.0B3210", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "AM6000N", "versions": [{"version": "2.0.0B3042", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "AM5000W", "versions": [{"version": "2.0.0B3037", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "AM4200M", "versions": [{"version": "2.0.0B2996", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "AM4100V", "versions": [{"version": "2.0.0B2988", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "AM3500MW", "versions": [{"version": "2.0.0B1092", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "AM3410V", "versions": [{"version": "2.0.0B1085", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "AM3300V", "versions": [{"version": "2.0.0B1060", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "AM3100E", "versions": [{"version": "2.0.0B981", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "AM3100V", "versions": [{"version": "2.0.0B946", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "AM3000M", "versions": [{"version": "2.0.0B21", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "KZ7621U", "versions": [{"version": "2.0.0B14", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "KZ3220M", "versions": [{"version": "2.0.0B04", "status": "affected"}]}, {"vendor": "KZ Broadband Technologies, Ltd.", "product": "KZ3120R", "versions": [{"version": "2.0.0B01", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5646.php", "name": "Zero Science Lab Disclosure (ZSL-2021-5646)", "tags": ["third-party-advisory"]}, {"url": "https://packetstormsecurity.com/files/161892/", "name": "Packet Storm Security Exploit Entry", "tags": ["exploit"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198471", "name": "IBM X-Force Vulnerability Exchange Entry", "tags": ["vdb-entry"]}, {"url": "http://www.kzbtech.com/", "name": "KZ TECH Vendor Homepage", "tags": ["product"]}, {"url": "https://www.jatontech.com/", "name": "JATON TEC Homepage", "tags": ["product"]}, {"url": "https://neotel.mk/", "name": "Neotel Vendor Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/kztech-jtv-g-lte-cpe-insufficient-session-expiration-vulnerability"}], "credits": [{"lang": "en", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms."}], "id": "CVE-2021-47740", "lastModified": "2025-12-31T20:42:15.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-12-31T19:15:42.103", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.kzbtech.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198471"}, {"source": "disclosure@vulncheck.com", "url": "https://neotel.mk/"}, {"source": "disclosure@vulncheck.com", "url": "https://packetstormsecurity.com/files/161892/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.jatontech.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/kztech-jtv-g-lte-cpe-insufficient-session-expiration-vulnerability"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5646.php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{}