VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 29, 2021· Updated Aug 3, 2024

CVE-2021-21727

CVE-2021-21727

Description

A remote attacker can cause denial of service on ZTE ZXHN F623 routers by sending crafted IPv6 packets, affecting all versions up to V6.0.0P3T33.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A remote attacker can cause denial of service on ZTE ZXHN F623 routers by sending crafted IPv6 packets, affecting all versions up to V6.0.0P3T33.

Vulnerability

The vulnerability resides in the IPv6 packet processing of ZTE ZXHN F623 routers. By sending specially constructed IPv6 packets, a remote attacker can trigger an amplification of traffic, leading to device denial of service. All versions up to V6.0.0P3T33 are affected [1].

Exploitation

An attacker needs network access to the target device and the ability to send IPv6 packets. No authentication or user interaction is required. The attacker crafts specific IPv6 packets that cause the device to amplify traffic, eventually exhausting resources and causing a denial of service [1].

Impact

Successful exploitation results in a denial of service condition, rendering the device unavailable. The CVSS v3.1 base score is 8.6 (High) with vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H, indicating high availability impact and a changed scope [1].

Mitigation

ZTE has released firmware version V6.0.0P3T34 to fix this vulnerability. Users should update their ZXHN F623 devices to this version or later. No workarounds are mentioned in the advisory [1].

References
  1. Security Bulletin Details

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • ZTE/ZTEdescription
  • Zte/ZXHN F623llm-create
    Range: <=V6.0.0P3T33

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.