Search criteria
4 vulnerabilities found for zxin10_cms by zte
CVE-2021-21751 (GCVE-0-2021-21751)
Vulnerability from nvd – Published: 2021-12-27 18:48 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.
Severity
No CVSS data available.
CWE
- input verification
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZXIN10 CMS |
Affected:
All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXIN10 CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "input verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T18:48:25.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXIN10 CMS",
"version": {
"version_data": [
{
"version_value": "All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "input verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21751",
"datePublished": "2021-12-27T18:48:25.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21750 (GCVE-0-2021-21750)
Vulnerability from nvd – Published: 2021-12-27 18:48 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.
Severity
No CVSS data available.
CWE
- privilege escalation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZXIN10 CMS |
Affected:
All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXIN10 CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T18:48:25.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXIN10 CMS",
"version": {
"version_data": [
{
"version_value": "All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21750",
"datePublished": "2021-12-27T18:48:25.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21750 (GCVE-0-2021-21750)
Vulnerability from cvelistv5 – Published: 2021-12-27 18:48 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.
Severity
No CVSS data available.
CWE
- privilege escalation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZXIN10 CMS |
Affected:
All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXIN10 CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T18:48:25.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXIN10 CMS",
"version": {
"version_data": [
{
"version_value": "All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21750",
"datePublished": "2021-12-27T18:48:25.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21751 (GCVE-0-2021-21751)
Vulnerability from cvelistv5 – Published: 2021-12-27 18:48 – Updated: 2024-08-03 18:23
VLAI
Summary
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.
Severity
No CVSS data available.
CWE
- input verification
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZXIN10 CMS |
Affected:
All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXIN10 CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "input verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T18:48:25.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXIN10 CMS",
"version": {
"version_data": [
{
"version_value": "All versions up to ZXOMS-BIGDATA-IOPSWEBV3.01.01.04"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "input verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1021884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21751",
"datePublished": "2021-12-27T18:48:25.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}