VAR-202108-0469
Vulnerability from variot - Updated: 2023-12-18 12:49There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak. ZTE Made residential gateway The product contains a link interpretation vulnerability.Information may be obtained. ZTE ZXHN H2640 is a home gateway device from China ZTE (ZTE).
There is an information disclosure vulnerability in ZTE ZXHN H2640, which originates from errors in the configuration of network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-0469",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zxhn h2640",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "10.0.0c6_ty"
},
{
"model": "zxhn h2640",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxhn h2640",
"scope": "eq",
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxhn h2640",
"scope": "eq",
"trust": 0.8,
"vendor": "zte",
"version": "zxhn h2640 firmware"
},
{
"model": "zxhn h2640 10.0.0c6 ty",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13195"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009849"
},
{
"db": "NVD",
"id": "CVE-2021-21740"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:zxhn_h2640_firmware:10.0.0c6_ty:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:zxhn_h2640:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21740"
}
]
},
"cve": "CVE-2021-21740",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-21740",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-13195",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.4,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-21740",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-21740",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2022-13195",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-804",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2021-21740",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13195"
},
{
"db": "VULMON",
"id": "CVE-2021-21740"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009849"
},
{
"db": "NVD",
"id": "CVE-2021-21740"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-804"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is an information leak vulnerability in the digital media player (DMS) of ZTE\u0027s residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak. ZTE Made residential gateway The product contains a link interpretation vulnerability.Information may be obtained. ZTE ZXHN H2640 is a home gateway device from China ZTE (ZTE). \n\r\n\r\nThere is an information disclosure vulnerability in ZTE ZXHN H2640, which originates from errors in the configuration of network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21740"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009849"
},
{
"db": "CNVD",
"id": "CNVD-2022-13195"
},
{
"db": "VULMON",
"id": "CVE-2021-21740"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-21740",
"trust": 3.9
},
{
"db": "ZTE",
"id": "1017244",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009849",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-13195",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-804",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-21740",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13195"
},
{
"db": "VULMON",
"id": "CVE-2021-21740"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009849"
},
{
"db": "NVD",
"id": "CVE-2021-21740"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-804"
}
]
},
"id": "VAR-202108-0469",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13195"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13195"
}
]
},
"last_update_date": "2023-12-18T12:49:09.434000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information\u00a0Leak\u00a0Vulnerability\u00a0in\u00a0a\u00a0ZTE\u0027s\u00a0Residential\u00a0Gateway\u00a0Product",
"trust": 0.8,
"url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1017244"
},
{
"title": "Patch for ZTE ZXHN H2640 Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/321311"
},
{
"title": "ZTE ZXHN H2640 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159113"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13195"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009849"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-804"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-59",
"trust": 1.0
},
{
"problemtype": "Link interpretation problem (CWE-59) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009849"
},
{
"db": "NVD",
"id": "CVE-2021-21740"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1017244"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21740"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/59.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13195"
},
{
"db": "VULMON",
"id": "CVE-2021-21740"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009849"
},
{
"db": "NVD",
"id": "CVE-2021-21740"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-804"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-13195"
},
{
"db": "VULMON",
"id": "CVE-2021-21740"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009849"
},
{
"db": "NVD",
"id": "CVE-2021-21740"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-804"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-13195"
},
{
"date": "2021-08-09T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21740"
},
{
"date": "2022-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009849"
},
{
"date": "2021-08-09T16:15:07.037000",
"db": "NVD",
"id": "CVE-2021-21740"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-804"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-13195"
},
{
"date": "2021-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21740"
},
{
"date": "2022-06-01T08:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-009849"
},
{
"date": "2021-08-17T14:03:15.250000",
"db": "NVD",
"id": "CVE-2021-21740"
},
{
"date": "2021-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-804"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE\u00a0 Made \u00a0residential\u00a0gateway\u00a0 Product link interpretation vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009849"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "post link",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-804"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…