Details of VAR-202109-0380

ID

VAR-202109-0380

CVE

CVE-2021-21742

TITLE

ZTE Vulnerabilities in mobile phones

Trust: 0.8

sources: JVNDB: JVNDB-2021-012446

DESCRIPTION

There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages. ZTE Mobile phones have unspecified vulnerabilities.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2021-21742 // JVNDB: JVNDB-2021-012446 // VULHUB: VHN-380146 // VULMON: CVE-2021-21742

AFFECTED PRODUCTS

vendor:	zte	model:	axon 30 pro message service	scope:	eq	version:	5.3.1.2103091059	Trust: 1.0
vendor:	zte	model:	axon 30 pro message service app	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	axon 30 pro message service app	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-012446 // NVD: CVE-2021-21742

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21742
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-21742
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202109-1694
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-380146
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-21742
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21742
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380146
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21742
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21742
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380146 // VULMON: CVE-2021-21742 // JVNDB: JVNDB-2021-012446 // CNNVD: CNNVD-202109-1694 // NVD: CVE-2021-21742

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-012446 // NVD: CVE-2021-21742

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-1694

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202109-1694

PATCH

title:	Information Leak Vulnerability in The Message Service App of a ZTE Mobile Phone	url:	https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019084	Trust: 0.8
title:	ZTE Axon 30 Pro Message Service App Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164772	Trust: 0.6

sources: JVNDB: JVNDB-2021-012446 // CNNVD: CNNVD-202109-1694

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21742	Trust: 3.4
db:	ZTE	id:	1019084	Trust: 1.8
db:	JVNDB	id:	JVNDB-2021-012446	Trust: 0.8
db:	CNNVD	id:	CNNVD-202109-1694	Trust: 0.7
db:	VULHUB	id:	VHN-380146	Trust: 0.1
db:	VULMON	id:	CVE-2021-21742	Trust: 0.1

sources: VULHUB: VHN-380146 // VULMON: CVE-2021-21742 // JVNDB: JVNDB-2021-012446 // CNNVD: CNNVD-202109-1694 // NVD: CVE-2021-21742

REFERENCES

url:	https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1019084	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21742	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380146 // VULMON: CVE-2021-21742 // JVNDB: JVNDB-2021-012446 // CNNVD: CNNVD-202109-1694 // NVD: CVE-2021-21742

SOURCES

db:	VULHUB	id:	VHN-380146
db:	VULMON	id:	CVE-2021-21742
db:	JVNDB	id:	JVNDB-2021-012446
db:	CNNVD	id:	CNNVD-202109-1694
db:	NVD	id:	CVE-2021-21742

LAST UPDATE DATE

2024-08-14T15:17:03.689000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380146	date:	2021-09-30T00:00:00
db:	VULMON	id:	CVE-2021-21742	date:	2021-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-012446	date:	2022-08-31T07:18:00
db:	CNNVD	id:	CNNVD-202109-1694	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2021-21742	date:	2021-09-30T17:16:36.037

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380146	date:	2021-09-25T00:00:00
db:	VULMON	id:	CVE-2021-21742	date:	2021-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-012446	date:	2022-08-31T00:00:00
db:	CNNVD	id:	CNNVD-202109-1694	date:	2021-09-24T00:00:00
db:	NVD	id:	CVE-2021-21742	date:	2021-09-25T00:15:07.210