CVE-2021-21740 - OpenCVE

There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zte	Zxhn H2640 Zxhn H2640 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:zte:zxhn_h2640:-:*:*:*:*:*:*:*

cpe:2.3:o:zte:zxhn_h2640_firmware:10.0.0c6_ty:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244

History

No history.

MITRE

Status: PUBLISHED

Assigner: zte

Published: 2021-08-09T15:30:12

Updated: 2024-08-03T18:23:29.257Z

Reserved: 2021-01-04T00:00:00

Link: CVE-2021-21740

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-09T16:15:07.037

Modified: 2021-08-17T14:03:15.250

Link: CVE-2021-21740

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ZXHN H2640", "vendor": "n/a", "versions": [{"status": "affected", "version": "V10.0.0C6_TY"}]}], "descriptions": [{"lang": "en", "value": "There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak."}], "problemTypes": [{"descriptions": [{"description": "information leak", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-09T15:30:12", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@zte.com.cn", "ID": "CVE-2021-21740", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ZXHN H2640", "version": {"version_data": [{"version_value": "V10.0.0C6_TY"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information leak"}]}]}, "references": {"reference_data": [{"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244", "refsource": "MISC", "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:23:29.257Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244"}]}]}, "cveMetadata": {"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2021-21740", "datePublished": "2021-08-09T15:30:12", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:23:29.257Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxhn_h2640:-:*:*:*:*:*:*:*", "matchCriteriaId": "B4451A86-1BF1-4B10-9A5A-0D532C9F5F9B", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxhn_h2640_firmware:10.0.0c6_ty:*:*:*:*:*:*:*", "matchCriteriaId": "FC47AFC2-3F09-43A5-8E36-7C751180CE82", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de filtrado de informaci\u00f3n en el reproductor multimedia digital (DMS) del producto de puerta de enlace residencial de ZTE. El atacante podr\u00eda insertar el disco USB con el enlace simb\u00f3lico en el gateway residencial y acceder a informaci\u00f3n de directorio no autorizada mediante el enlace simb\u00f3lico, causando un filtrado de informaci\u00f3n"}], "id": "CVE-2021-21740", "lastModified": "2021-08-17T14:03:15.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-09T16:15:07.037", "references": [{"source": "psirt@zte.com.cn", "tags": ["Vendor Advisory"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}