CVE-2021-21722

{"id": "CVE-2021-21722", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2021-01-14T16:15:19.053", "references": [{"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}, {"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom."}, {"lang": "es", "value": "Un ZTE Smart STB est\u00e1 afectado por una vulnerabilidad de filtrado de informaci\u00f3n. El dispositivo no verific\u00f3 completamente el registro, por lo que los atacantes podr\u00edan usar esta vulnerabilidad para obtener informaci\u00f3n confidencial del usuario para mayor detecci\u00f3n de informaci\u00f3n y ataques. Esto afecta a: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom"}], "lastModified": "2024-11-21T05:48:52.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxv10_b860a_firmware:v2.1-t_v0032.1.1.04_jiangsutelecom:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82FF3FEF-2943-4327-90F6-0C8AA7A63182"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxv10_b860a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "290044BC-2211-4044-8899-5D4B69C6A881"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}