VAR-202110-0398
Vulnerability from variot - Updated: 2023-12-18 11:57ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled. ZTE MF971R Exists in unspecified vulnerabilities.Information may be tampered with. ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-0398",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mf971r",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "2v1.0.0b03"
},
{
"model": "mf971r",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "sv1.0.0b05"
},
{
"model": "mf971r",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "1v1.0.0b06"
},
{
"model": "mf971r",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "v1.0.0b05"
},
{
"model": "mf971r",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "s2v1.0.0b03"
},
{
"model": "mf971r",
"scope": "eq",
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "mf971r",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "mf971r",
"scope": "eq",
"trust": 0.8,
"vendor": "zte",
"version": "mf971r firmware"
},
{
"model": "mf971r bd zte mf971rv1.0.0b05",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "mf971r bd plkplmf971r1v1.0.0b06",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "mf971r bd mf971r2v1.0.0b03",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "mf971r bd zte mf971rs2v1.0.0b03",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "mf971r bd zte mf971rsv1.0.0b05",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "NVD",
"id": "CVE-2021-21744"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:mf971r_firmware:v1.0.0b05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:mf971r_firmware:1v1.0.0b06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:mf971r_firmware:2v1.0.0b03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:mf971r_firmware:s2v1.0.0b03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:mf971r_firmware:sv1.0.0b05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21744"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Marcin \u2019Icewall\u2019 Noga of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
],
"trust": 0.6
},
"cve": "CVE-2021-21744",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-21744",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-92820",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-21744",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-21744",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-92820",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1254",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-21744",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "VULMON",
"id": "CVE-2021-21744"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "NVD",
"id": "CVE-2021-21744"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled. ZTE MF971R Exists in unspecified vulnerabilities.Information may be tampered with. ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21744"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "VULMON",
"id": "CVE-2021-21744"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-21744",
"trust": 3.9
},
{
"db": "ZTE",
"id": "1019764",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-92820",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101910",
"trust": 0.6
},
{
"db": "TALOS",
"id": "TALOS-2021-1316",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1254",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-21744",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "VULMON",
"id": "CVE-2021-21744"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "NVD",
"id": "CVE-2021-21744"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
]
},
"id": "VAR-202110-0398",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
}
]
},
"last_update_date": "2023-12-18T11:57:11.483000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple\u00a0Vulnerabilities\u00a0in\u00a0a\u00a0ZTE\u00a0Mobile\u00a0Internet\u00a0Product",
"trust": 0.8,
"url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1019764"
},
{
"title": "Patch for ZTE MF971R configuration file control vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/301771"
},
{
"title": "ZTE MF971R LTE router Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=167217"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "NVD",
"id": "CVE-2021-21744"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21744"
},
{
"trust": 1.7,
"url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1019764"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101910"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1316"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "VULMON",
"id": "CVE-2021-21744"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "NVD",
"id": "CVE-2021-21744"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "VULMON",
"id": "CVE-2021-21744"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "NVD",
"id": "CVE-2021-21744"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"date": "2021-10-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21744"
},
{
"date": "2022-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"date": "2021-10-20T16:15:08.160000",
"db": "NVD",
"id": "CVE-2021-21744"
},
{
"date": "2021-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"date": "2021-10-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21744"
},
{
"date": "2022-09-30T05:49:00",
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"date": "2021-10-25T16:14:48.427000",
"db": "NVD",
"id": "CVE-2021-21744"
},
{
"date": "2021-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE\u00a0MF971R\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…