Details of VAR-202101-1633

ID

VAR-202101-1633

CVE

CVE-2021-21722

TITLE

ZTE Smart STB Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-002597

DESCRIPTION

A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom. ZTE ZXV10 B860A is a network set-top box of China ZTE Corporation (ZTE). ZTE ZXV10 B860A has an information disclosure vulnerability

Trust: 2.16

sources: NVD: CVE-2021-21722 // JVNDB: JVNDB-2021-002597 // CNVD: CNVD-2021-03543

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-03543

AFFECTED PRODUCTS

vendor:	zte	model:	zxv10 b860a	scope:	eq	version:	v2.1-t_v0032.1.1.04_jiangsutelecom	Trust: 1.0
vendor:	zte	model:	zxv10 b860a	scope:	eq	version:	-	Trust: 0.8
vendor:	zte	model:	zxv10 b860a	scope:	eq	version:	zxv10 b860a firmware v2.1-t_v0032.1.1.04_jiangsutelecom	Trust: 0.8
vendor:	zte	model:	zxv10 b860a	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-03543 // JVNDB: JVNDB-2021-002597 // NVD: CVE-2021-21722

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21722
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-21722
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-03543
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202101-1139
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-21722
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-03543
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-21722
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21722
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-03543 // JVNDB: JVNDB-2021-002597 // CNNVD: CNNVD-202101-1139 // NVD: CVE-2021-21722

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-002597 // NVD: CVE-2021-21722

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1139

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202101-1139

PATCH

title:	Information Leak Vulnerability in a ZTE Product	url:	http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324	Trust: 0.8
title:	Patch for ZTE ZXV10 B860A information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/244381	Trust: 0.6
title:	ZTE ZXV10 B860A Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139238	Trust: 0.6

sources: CNVD: CNVD-2021-03543 // JVNDB: JVNDB-2021-002597 // CNNVD: CNNVD-202101-1139

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21722	Trust: 3.0
db:	ZTE	id:	1014324	Trust: 1.6
db:	JVNDB	id:	JVNDB-2021-002597	Trust: 0.8
db:	CNVD	id:	CNVD-2021-03543	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1139	Trust: 0.6

sources: CNVD: CNVD-2021-03543 // JVNDB: JVNDB-2021-002597 // CNNVD: CNNVD-202101-1139 // NVD: CVE-2021-21722

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-21722	Trust: 2.0
url:	http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1014324	Trust: 1.6

sources: CNVD: CNVD-2021-03543 // JVNDB: JVNDB-2021-002597 // CNNVD: CNNVD-202101-1139 // NVD: CVE-2021-21722

SOURCES

db:	CNVD	id:	CNVD-2021-03543
db:	JVNDB	id:	JVNDB-2021-002597
db:	CNNVD	id:	CNNVD-202101-1139
db:	NVD	id:	CVE-2021-21722

LAST UPDATE DATE

2024-11-23T22:25:12.344000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-03543	date:	2021-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-002597	date:	2021-09-27T08:56:00
db:	CNNVD	id:	CNNVD-202101-1139	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-21722	date:	2024-11-21T05:48:52.870

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-03543	date:	2021-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-002597	date:	2021-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202101-1139	date:	2021-01-14T00:00:00
db:	NVD	id:	CVE-2021-21722	date:	2021-01-14T16:15:19.053