Search criteria
2 vulnerabilities found for AM3300V by KZ Broadband Technologies, Ltd.
CVE-2021-47740 (GCVE-0-2021-47740)
Vulnerability from nvd – Published: 2025-12-31 18:40 – Updated: 2026-01-02 20:42
VLAI?
Title
KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability
Summary
KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.
Severity ?
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| KZ Broadband Technologies, Ltd. | JT3500V |
Affected:
2.0.1B1064
Affected: 2.0.1B1047 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47740",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T20:42:28.575250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T20:42:41.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "JT3500V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.1B1064"
},
{
"status": "affected",
"version": "2.0.1B1047"
}
]
},
{
"product": "AM6200M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B3210"
}
]
},
{
"product": "AM6000N",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B3042"
}
]
},
{
"product": "AM5000W",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B3037"
}
]
},
{
"product": "AM4200M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B2996"
}
]
},
{
"product": "AM4100V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B2988"
}
]
},
{
"product": "AM3500MW",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B1092"
}
]
},
{
"product": "AM3410V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B1085"
}
]
},
{
"product": "AM3300V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B1060"
}
]
},
{
"product": "AM3100E",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B981"
}
]
},
{
"product": "AM3100V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B946"
}
]
},
{
"product": "AM3000M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B21"
}
]
},
{
"product": "KZ7621U",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B14"
}
]
},
{
"product": "KZ3220M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B04"
}
]
},
{
"product": "KZ3120R",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B01"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2021-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T18:40:53.590Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2021-5646)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5646.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/161892/"
},
{
"name": "IBM X-Force Vulnerability Exchange Entry",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198471"
},
{
"name": "KZ TECH Vendor Homepage",
"tags": [
"product"
],
"url": "http://www.kzbtech.com/"
},
{
"name": "JATON TEC Homepage",
"tags": [
"product"
],
"url": "https://www.jatontech.com/"
},
{
"name": "Neotel Vendor Homepage",
"tags": [
"product"
],
"url": "https://neotel.mk/"
},
{
"name": "VulnCheck Advisory: KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/kztech-jtv-g-lte-cpe-insufficient-session-expiration-vulnerability"
}
],
"title": "KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47740",
"datePublished": "2025-12-31T18:40:53.590Z",
"dateReserved": "2025-12-23T13:24:04.581Z",
"dateUpdated": "2026-01-02T20:42:41.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47740 (GCVE-0-2021-47740)
Vulnerability from cvelistv5 – Published: 2025-12-31 18:40 – Updated: 2026-01-02 20:42
VLAI?
Title
KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability
Summary
KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.
Severity ?
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| KZ Broadband Technologies, Ltd. | JT3500V |
Affected:
2.0.1B1064
Affected: 2.0.1B1047 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47740",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T20:42:28.575250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T20:42:41.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "JT3500V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.1B1064"
},
{
"status": "affected",
"version": "2.0.1B1047"
}
]
},
{
"product": "AM6200M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B3210"
}
]
},
{
"product": "AM6000N",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B3042"
}
]
},
{
"product": "AM5000W",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B3037"
}
]
},
{
"product": "AM4200M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B2996"
}
]
},
{
"product": "AM4100V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B2988"
}
]
},
{
"product": "AM3500MW",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B1092"
}
]
},
{
"product": "AM3410V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B1085"
}
]
},
{
"product": "AM3300V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B1060"
}
]
},
{
"product": "AM3100E",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B981"
}
]
},
{
"product": "AM3100V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B946"
}
]
},
{
"product": "AM3000M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B21"
}
]
},
{
"product": "KZ7621U",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B14"
}
]
},
{
"product": "KZ3220M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B04"
}
]
},
{
"product": "KZ3120R",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B01"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2021-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T18:40:53.590Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2021-5646)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5646.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/161892/"
},
{
"name": "IBM X-Force Vulnerability Exchange Entry",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198471"
},
{
"name": "KZ TECH Vendor Homepage",
"tags": [
"product"
],
"url": "http://www.kzbtech.com/"
},
{
"name": "JATON TEC Homepage",
"tags": [
"product"
],
"url": "https://www.jatontech.com/"
},
{
"name": "Neotel Vendor Homepage",
"tags": [
"product"
],
"url": "https://neotel.mk/"
},
{
"name": "VulnCheck Advisory: KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/kztech-jtv-g-lte-cpe-insufficient-session-expiration-vulnerability"
}
],
"title": "KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47740",
"datePublished": "2025-12-31T18:40:53.590Z",
"dateReserved": "2025-12-23T13:24:04.581Z",
"dateUpdated": "2026-01-02T20:42:41.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}