Search
Find a vulnerability
Search criteria
14 vulnerabilities found for mf971r_firmware by zte
CVE-2021-21749 (GCVE-0-2021-21749)
Vulnerability from nvd – Published: 2021-10-20 15:22 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
Severity
No CVSS data available.
CWE
- stack-based buffer overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "stack-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T15:22:06.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stack-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21749",
"datePublished": "2021-10-20T15:22:06.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21748 (GCVE-0-2021-21748)
Vulnerability from nvd – Published: 2021-10-20 15:24 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
Severity
No CVSS data available.
CWE
- stack-based buffer overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "stack-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T15:24:44.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stack-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21748",
"datePublished": "2021-10-20T15:24:44.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21745 (GCVE-0-2021-21745)
Vulnerability from nvd – Published: 2021-10-20 15:20 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click.
Severity
No CVSS data available.
CWE
- Referer authentication bypass
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Referer authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T15:20:50.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Referer authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21745",
"datePublished": "2021-10-20T15:20:50.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21744 (GCVE-0-2021-21744)
Vulnerability from nvd – Published: 2021-10-20 15:18 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled.
Severity
No CVSS data available.
CWE
- configuration file control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "configuration file control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T15:18:18.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "configuration file control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21744",
"datePublished": "2021-10-20T15:18:18.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21743 (GCVE-0-2021-21743)
Vulnerability from nvd – Published: 2021-10-20 15:19 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.
Severity
No CVSS data available.
CWE
- CRLF injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CRLF injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T15:19:32.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CRLF injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21743",
"datePublished": "2021-10-20T15:19:32.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21747 (GCVE-0-2021-21747)
Vulnerability from nvd – Published: 2021-10-20 14:38 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T14:38:33.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21747",
"datePublished": "2021-10-20T14:38:33.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21746 (GCVE-0-2021-21746)
Vulnerability from nvd – Published: 2021-10-20 14:34 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T14:34:39.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21746",
"datePublished": "2021-10-20T14:34:39.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21748 (GCVE-0-2021-21748)
Vulnerability from cvelistv5 – Published: 2021-10-20 15:24 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
Severity
No CVSS data available.
CWE
- stack-based buffer overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "stack-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T15:24:44.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stack-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21748",
"datePublished": "2021-10-20T15:24:44.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21749 (GCVE-0-2021-21749)
Vulnerability from cvelistv5 – Published: 2021-10-20 15:22 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.
Severity
No CVSS data available.
CWE
- stack-based buffer overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "stack-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T15:22:06.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stack-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21749",
"datePublished": "2021-10-20T15:22:06.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21745 (GCVE-0-2021-21745)
Vulnerability from cvelistv5 – Published: 2021-10-20 15:20 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click.
Severity
No CVSS data available.
CWE
- Referer authentication bypass
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Referer authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T15:20:50.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Referer authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21745",
"datePublished": "2021-10-20T15:20:50.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21743 (GCVE-0-2021-21743)
Vulnerability from cvelistv5 – Published: 2021-10-20 15:19 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.
Severity
No CVSS data available.
CWE
- CRLF injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CRLF injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T15:19:32.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CRLF injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21743",
"datePublished": "2021-10-20T15:19:32.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21744 (GCVE-0-2021-21744)
Vulnerability from cvelistv5 – Published: 2021-10-20 15:18 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled.
Severity
No CVSS data available.
CWE
- configuration file control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "configuration file control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T15:18:18.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "configuration file control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21744",
"datePublished": "2021-10-20T15:18:18.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21747 (GCVE-0-2021-21747)
Vulnerability from cvelistv5 – Published: 2021-10-20 14:38 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T14:38:33.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21747",
"datePublished": "2021-10-20T14:38:33.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21746 (GCVE-0-2021-21746)
Vulnerability from cvelistv5 – Published: 2021-10-20 14:34 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MF971R",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T14:34:39.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MF971R",
"version": {
"version_data": [
{
"version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21746",
"datePublished": "2021-10-20T14:34:39.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}