KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability Severity Medium Date December 31, 2025 Affected Devices JT3500V 2.0.1B1064, 2.0.1B1047 M6200M 2.0.0B3210 M6000N 2.0.0B3042 M5000W 2.0.0B3037 M4200M 2.0.0B2996 M4100V 2.0.0B2988 M3500MW 2.0.0B1092 M3410V 2.0.0B1085 M3300V 2.0.0B1060 M3100E 2.0.0B981 M3100V 2.0.0B946 M3000M 2.0.0B21 Z7621U 2.0.0B14 KZ3220M 2.0.0B04 KZ3120R 2.0.0B01 CVE CVE-2021-47740 CWE CWE-613 Insufficient Session Expiration CVSS 6.9 CVSS V4 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N References Zero Science Lab Disclosure (ZSL-2021-5646) Packet Storm Security Exploit Entry IBM X-Force Vulnerability Exchange Entry KZ TECH Vendor Homepage JATON TEC Homepage https://neotel.mk/ Credit LiquidWorm as Gjoko Krstic of Zero Science Lab Description KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.