CVE-2021-47740
PUBLISHED 12/31/2025 83251b91-4cc7-4094-a5c7-464a1b83ea10
Technical Description
KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.
Affected Products
Vendor | Product | Version
KZ Broadband Technologies, Ltd. | JT3500V | 2.0.1B1064, 2.0.1B1047
KZ Broadband Technologies, Ltd. | AM6200M | 2.0.0B3210
KZ Broadband Technologies, Ltd. | AM6000N | 2.0.0B3042
KZ Broadband Technologies, Ltd. | AM5000W | 2.0.0B3037
KZ Broadband Technologies, Ltd. | AM4200M | 2.0.0B2996
KZ Broadband Technologies, Ltd. | AM4100V | 2.0.0B2988
KZ Broadband Technologies, Ltd. | AM3500MW | 2.0.0B1092
KZ Broadband Technologies, Ltd. | AM3410V | 2.0.0B1085
KZ Broadband Technologies, Ltd. | AM3300V | 2.0.0B1060
KZ Broadband Technologies, Ltd. | AM3100E | 2.0.0B981
KZ Broadband Technologies, Ltd. | AM3100V | 2.0.0B946
KZ Broadband Technologies, Ltd. | AM3000M | 2.0.0B21
KZ Broadband Technologies, Ltd. | KZ7621U | 2.0.0B14
KZ Broadband Technologies, Ltd. | KZ3220M | 2.0.0B04
KZ Broadband Technologies, Ltd. | KZ3120R | 2.0.0B01
References
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5646.php
Zero Science Lab Disclosure (ZSL-2021-5646)
https://packetstormsecurity.com/files/161892/
Packet Storm Security Exploit Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/198471
IBM X-Force Vulnerability Exchange Entry
http://www.kzbtech.com/
KZ TECH Vendor Homepage
https://www.jatontech.com/
JATON TEC Homepage
https://neotel.mk/
Neotel Vendor Homepage
https://www.vulncheck.com/advisories/kztech-jtv-g-lte-cpe-insufficient-session-expiration-vulnerability
VulnCheck Advisory: KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability
Impact Analysis
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None