CVE-2021-21735

{"id": "CVE-2021-21735", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-06-10T12:15:08.457", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}, {"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-281"}]}], "descriptions": [{"lang": "en", "value": "A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE."}, {"lang": "es", "value": "Un producto de ZTE tiene una vulnerabilidad de filtrado de informaci\u00f3n. Debido a una configuraci\u00f3n inapropiada de los permisos, un atacante con permisos de usuario ordinarios podr\u00eda explotar esta vulnerabilidad para obtener alguna informaci\u00f3n sensible del usuario mediante la p\u00e1gina del asistente sin autenticaci\u00f3n. Esto afecta al producto ZXHN H168N en todas las versiones hasta la V3.5.0_EG1T4_TE"}], "lastModified": "2024-11-21T05:48:54.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxhn_h168n_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52D73A05-D677-4AFF-86C2-A0942DF5E8A1", "versionEndIncluding": "3.5.0_eg1t4_te"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxhn_h168n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "391EB61C-0A7B-48A6-8BBD-944C848ACD10"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}