1 vulnerability by KZ Broadband Technologies, Ltd.
CVE-2021-47740 (GCVE-0-2021-47740)
Vulnerability from cvelistv5 – Published: 2025-12-31 18:40 – Updated: 2026-01-02 20:42
Title
KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability
Summary
KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5646.php | third-party-advisory |
| https://packetstormsecurity.com/files/161892/ | exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/198471 | vdb-entry |
| http://www.kzbtech.com/ | product |
| https://www.jatontech.com/ | product |
| https://neotel.mk/ | product |
| https://www.vulncheck.com/advisories/kztech-jtv-g-lte-cpe-insufficient-session-expiration-vulnerability | third-party-advisory |
Impacted products
15 products
| Vendor | Product | Version |
|---|---|---|
| KZ Broadband Technologies, Ltd. | JT3500V | Affected: 2.0.1B1064; Affected: 2.0.1B1047 |
| KZ Broadband Technologies, Ltd. | AM6200M | Affected: 2.0.0B3210 |
| KZ Broadband Technologies, Ltd. | AM6000N | Affected: 2.0.0B3042 |
| KZ Broadband Technologies, Ltd. | AM5000W | Affected: 2.0.0B3037 |
| KZ Broadband Technologies, Ltd. | AM4200M | Affected: 2.0.0B2996 |
| KZ Broadband Technologies, Ltd. | AM4100V | Affected: 2.0.0B2988 |
| KZ Broadband Technologies, Ltd. | AM3500MW | Affected: 2.0.0B1092 |
| KZ Broadband Technologies, Ltd. | AM3410V | Affected: 2.0.0B1085 |
| KZ Broadband Technologies, Ltd. | AM3300V | Affected: 2.0.0B1060 |
| KZ Broadband Technologies, Ltd. | AM3100E | Affected: 2.0.0B981 |
| KZ Broadband Technologies, Ltd. | AM3100V | Affected: 2.0.0B946 |
| KZ Broadband Technologies, Ltd. | AM3000M | Affected: 2.0.0B21 |
| KZ Broadband Technologies, Ltd. | KZ7621U | Affected: 2.0.0B14 |
| KZ Broadband Technologies, Ltd. | KZ3220M | Affected: 2.0.0B04 |
| KZ Broadband Technologies, Ltd. | KZ3120R | Affected: 2.0.0B01 |
Date Public
2021-03-18 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47740",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T20:42:28.575250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T20:42:41.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "JT3500V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.1B1064"
},
{
"status": "affected",
"version": "2.0.1B1047"
}
]
},
{
"product": "AM6200M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B3210"
}
]
},
{
"product": "AM6000N",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B3042"
}
]
},
{
"product": "AM5000W",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B3037"
}
]
},
{
"product": "AM4200M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B2996"
}
]
},
{
"product": "AM4100V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B2988"
}
]
},
{
"product": "AM3500MW",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B1092"
}
]
},
{
"product": "AM3410V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B1085"
}
]
},
{
"product": "AM3300V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B1060"
}
]
},
{
"product": "AM3100E",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B981"
}
]
},
{
"product": "AM3100V",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B946"
}
]
},
{
"product": "AM3000M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B21"
}
]
},
{
"product": "KZ7621U",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B14"
}
]
},
{
"product": "KZ3220M",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B04"
}
]
},
{
"product": "KZ3120R",
"vendor": "KZ Broadband Technologies, Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.0B01"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2021-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T18:40:53.590Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2021-5646)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5646.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/161892/"
},
{
"name": "IBM X-Force Vulnerability Exchange Entry",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198471"
},
{
"name": "KZ TECH Vendor Homepage",
"tags": [
"product"
],
"url": "http://www.kzbtech.com/"
},
{
"name": "JATON TEC Homepage",
"tags": [
"product"
],
"url": "https://www.jatontech.com/"
},
{
"name": "Neotel Vendor Homepage",
"tags": [
"product"
],
"url": "https://neotel.mk/"
},
{
"name": "VulnCheck Advisory: KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/kztech-jtv-g-lte-cpe-insufficient-session-expiration-vulnerability"
}
],
"title": "KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47740",
"datePublished": "2025-12-31T18:40:53.590Z",
"dateReserved": "2025-12-23T13:24:04.581Z",
"dateUpdated": "2026-01-02T20:42:41.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}