Primary

Context

ZTE ZXMP M721 Private Key Disclosure Vulnerability

Vulnerability

Patched

A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to access the device's communication private key, leading to key exposure and compromised communication security.

Impact

Exploitation of this vulnerability allows for unauthorized access to the device's communication private key, which can undermine the security of encrypted communications.

Remediation

To address this vulnerability, users are advised to upgrade to version M721V5.40.010.001. Additionally, it is recommended to harden the SFTP configuration to prevent access to directories containing private keys.

Added: Oct 27, 2025, 9:17 AM

Updated: Oct 27, 2025, 2:00 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

4.9

remediation

7.9

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

4.9

remediation

7.9

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ZTE ZXMP M721 Private Key Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

ZTE ZXMP M721

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating