ID

VAR-202112-1732


CVE

CVE-2021-21751


TITLE

Input verification vulnerability in ZXIN10 CMS

Trust: 0.8

sources: JVNDB: JVNDB-2021-017509

DESCRIPTION

ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause a service exception. There is an input validation vulnerability in ZXIN10 CMS. Information may be tampered with and service operation may be interrupted (DoS). This vulnerability is caused by the inconsistency of front and back verification when configuring large-screen pages.

Trust: 1.8

sources: NVD: CVE-2021-21751 // JVNDB: JVNDB-2021-017509 // VULHUB: VHN-380155 // VULMON: CVE-2021-21751

AFFECTED PRODUCTS

vendor: zte, model: zxin10 cms, scope: lte, version: 3.01.01.04

Trust: 1.0

vendor: zte, model: zxin10 cms, scope: eq, version: -

Trust: 0.8

vendor: zte, model: zxin10 cms, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017509 // NVD: CVE-2021-21751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21751
value: HIGH

Trust: 1.0

NVD: CVE-2021-21751
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-2627
value: HIGH

Trust: 0.6

VULHUB: VHN-380155
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21751
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380155
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21751
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-21751
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380155 // JVNDB: JVNDB-2021-017509 // CNNVD: CNNVD-202112-2627 // NVD: CVE-2021-21751

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-380155 // JVNDB: JVNDB-2021-017509 // NVD: CVE-2021-21751

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2627

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202112-2627

PATCH

title: Two Vulnerabilities in a ZTE BigVideo Analysis Product
url: https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884

Trust: 0.8

title: Fix for the input verification error vulnerability in ZTE BigVideo Analysis product
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177141

Trust: 0.6

sources: JVNDB: JVNDB-2021-017509 // CNNVD: CNNVD-202112-2627

EXTERNAL IDS

db: NVD, id: CVE-2021-21751

Trust: 3.4

db: ZTE, id: 1021884

Trust: 1.8

db: JVNDB, id: JVNDB-2021-017509

Trust: 0.8

db: CNNVD, id: CNNVD-202112-2627

Trust: 0.7

db: VULHUB, id: VHN-380155

Trust: 0.1

db: VULMON, id: CVE-2021-21751

Trust: 0.1

sources: VULHUB: VHN-380155 // VULMON: CVE-2021-21751 // JVNDB: JVNDB-2021-017509 // CNNVD: CNNVD-202112-2627 // NVD: CVE-2021-21751

REFERENCES

url:https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1021884

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-21751

Trust: 1.4

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-380155 // VULMON: CVE-2021-21751 // JVNDB: JVNDB-2021-017509 // CNNVD: CNNVD-202112-2627 // NVD: CVE-2021-21751

SOURCES

db: VULHUB, id: VHN-380155
db: VULMON, id: CVE-2021-21751
db: JVNDB, id: JVNDB-2021-017509
db: CNNVD, id: CNNVD-202112-2627
db: NVD, id: CVE-2021-21751

LAST UPDATE DATE

2024-08-14T14:02:53.385000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-380155, date: 2022-01-12T00:00:00
db: VULMON, id: CVE-2021-21751, date: 2021-12-27T00:00:00
db: JVNDB, id: JVNDB-2021-017509, date: 2023-01-24T05:01:00
db: CNNVD, id: CNNVD-202112-2627, date: 2022-01-13T00:00:00
db: NVD, id: CVE-2021-21751, date: 2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db: VULHUB, id: VHN-380155, date: 2021-12-27T00:00:00
db: VULMON, id: CVE-2021-21751, date: 2021-12-27T00:00:00
db: JVNDB, id: JVNDB-2021-017509, date: 2023-01-24T00:00:00
db: CNNVD, id: CNNVD-202112-2627, date: 2021-12-27T00:00:00
db: NVD, id: CVE-2021-21751, date: 2021-12-27T19:15:08.060