Details of VAR-202108-0469

ID

VAR-202108-0469

CVE

CVE-2021-21740

TITLE

ZTE Made residential gateway Product link interpretation vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-009849

DESCRIPTION

There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak. ZTE Made residential gateway The product contains a link interpretation vulnerability.Information may be obtained. ZTE ZXHN H2640 is a home gateway device from China ZTE (ZTE). There is an information disclosure vulnerability in ZTE ZXHN H2640, which originates from errors in the configuration of network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components

Trust: 2.25

sources: NVD: CVE-2021-21740 // JVNDB: JVNDB-2021-009849 // CNVD: CNVD-2022-13195 // VULMON: CVE-2021-21740

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-13195

AFFECTED PRODUCTS

vendor:	zte	model:	zxhn h2640	scope:	eq	version:	10.0.0c6_ty	Trust: 1.0
vendor:	zte	model:	zxhn h2640	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxhn h2640	scope:	eq	version:	-	Trust: 0.8
vendor:	zte	model:	zxhn h2640	scope:	eq	version:	zxhn h2640 firmware	Trust: 0.8
vendor:	zte	model:	zxhn h2640 10.0.0c6 ty	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-13195 // JVNDB: JVNDB-2021-009849 // NVD: CVE-2021-21740

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21740
value:	LOW
Trust: 1.0
NVD:	CVE-2021-21740
value:	LOW
Trust: 0.8
CNVD:	CNVD-2022-13195
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202108-804
value:	LOW
Trust: 0.6
VULMON:	CVE-2021-21740
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-21740
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-13195
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-21740
baseSeverity:	LOW
baseScore:	2.4
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21740
baseSeverity:	LOW
baseScore:	2.4
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-13195 // VULMON: CVE-2021-21740 // JVNDB: JVNDB-2021-009849 // CNNVD: CNNVD-202108-804 // NVD: CVE-2021-21740

PROBLEMTYPE DATA

problemtype:	CWE-59	Trust: 1.0
problemtype:	Link interpretation problem (CWE-59) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-009849 // NVD: CVE-2021-21740

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-202108-804

PATCH

title:	Information Leak Vulnerability in a ZTE's Residential Gateway Product	url:	https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244	Trust: 0.8
title:	Patch for ZTE ZXHN H2640 Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/321311	Trust: 0.6
title:	ZTE ZXHN H2640 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159113	Trust: 0.6

sources: CNVD: CNVD-2022-13195 // JVNDB: JVNDB-2021-009849 // CNNVD: CNNVD-202108-804

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21740	Trust: 3.9
db:	ZTE	id:	1017244	Trust: 2.3
db:	JVNDB	id:	JVNDB-2021-009849	Trust: 0.8
db:	CNVD	id:	CNVD-2022-13195	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-804	Trust: 0.6
db:	VULMON	id:	CVE-2021-21740	Trust: 0.1

sources: CNVD: CNVD-2022-13195 // VULMON: CVE-2021-21740 // JVNDB: JVNDB-2021-009849 // CNNVD: CNNVD-202108-804 // NVD: CVE-2021-21740

REFERENCES

url:	https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1017244	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21740	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/59.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-13195 // VULMON: CVE-2021-21740 // JVNDB: JVNDB-2021-009849 // CNNVD: CNNVD-202108-804 // NVD: CVE-2021-21740

SOURCES

db:	CNVD	id:	CNVD-2022-13195
db:	VULMON	id:	CVE-2021-21740
db:	JVNDB	id:	JVNDB-2021-009849
db:	CNNVD	id:	CNNVD-202108-804
db:	NVD	id:	CVE-2021-21740

LAST UPDATE DATE

2024-08-14T13:53:57.106000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-13195	date:	2022-02-22T00:00:00
db:	VULMON	id:	CVE-2021-21740	date:	2021-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-009849	date:	2022-06-01T08:08:00
db:	CNNVD	id:	CNNVD-202108-804	date:	2021-08-26T00:00:00
db:	NVD	id:	CVE-2021-21740	date:	2021-08-17T14:03:15.250

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-13195	date:	2022-02-22T00:00:00
db:	VULMON	id:	CVE-2021-21740	date:	2021-08-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-009849	date:	2022-06-01T00:00:00
db:	CNNVD	id:	CNNVD-202108-804	date:	2021-08-09T00:00:00
db:	NVD	id:	CVE-2021-21740	date:	2021-08-09T16:15:07.037