{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-21741", "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "dateUpdated": "2024-08-03T18:23:28.495Z", "dateReserved": "2021-01-04T00:00:00", "datePublished": "2021-08-30T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte", "dateUpdated": "2023-06-05T00:00:00"}, "descriptions": [{"lang": "en", "value": "There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command."}], "affected": [{"vendor": "n/a", "product": "ZXV10 M910", "versions": [{"version": "ZXV10 M910 V1.2.21.01.04P01,ZXV10 M910 V1.2.20.01U01.01,ZXV10 M910 V1.2.19.01U01.01,ZXV10 M910 V1.2.16.01U01.01", "status": "affected"}]}], "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1018424"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "command execution"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:23:28.495Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1018424", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.16.01u01.01:*:*:*:*:*:*:*", "matchCriteriaId": "164F10FD-FD8A-470C-B0AC-04B253070FF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.19.01u01.01:*:*:*:*:*:*:*", "matchCriteriaId": "4CA83CD1-309A-4E15-9395-EFB3976EC50E", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.20.01u01.01:*:*:*:*:*:*:*", "matchCriteriaId": "C2C3057A-C517-4FF9-B03F-A91DF8DF675D", "vulnerable": true}, {"criteria": "cpe:2.3:o:zte:zxv10_m910_firmware:1.2.21.01.04:p01:*:*:*:*:*:*", "matchCriteriaId": "65C1CF13-8E64-4231-BF21-6928C7189502", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxv10_m910:*:*:*:*:*:*:*:*", "matchCriteriaId": "A39F1727-2C52-4AC9-9AD1-D6D6D44CE7AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command."}, {"lang": "es", "value": "Un sistema de administraci\u00f3n de conferencias de ZTE, est\u00e1 afectado por una vulnerabilidad de ejecuci\u00f3n de comandos. Dado que el servicio de objetos java de soapmonitor est\u00e1 habilitado por defecto, el atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar comandos arbitrario mediante el env\u00edo de una carga \u00fatil deserializada al puerto 5001."}], "id": "CVE-2021-21741", "lastModified": "2024-11-21T05:48:55.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-30T18:15:08.107", "references": [{"source": "psirt@zte.com.cn", "tags": ["Vendor Advisory"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1018424"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1018424"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}