Vulnerability-Lookup

CVE-2021-21743 (GCVE-0-2021-21743)

Vulnerability from cvelistv5 – Published: 2021-10-20 15:19 – Updated: 2024-08-03 18:23

Summary

ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

CRLF injection

Assigner

zte

References

1 reference

URL	Tags
https://support.zte.com.cn/support/news/LoopholeI…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	MF971R	Affected: BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:23:29.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MF971R",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CRLF injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T15:19:32.000Z",
        "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "shortName": "zte"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@zte.com.cn",
          "ID": "CVE-2021-21743",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MF971R",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CRLF injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
              "refsource": "MISC",
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
    "assignerShortName": "zte",
    "cveId": "CVE-2021-21743",
    "datePublished": "2021-10-20T15:19:32.000Z",
    "dateReserved": "2021-01-04T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:23:29.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-21743",
      "date": "2026-06-29",
      "epss": "0.00823",
      "percentile": "0.5272"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-21743\",\"sourceIdentifier\":\"psirt@zte.com.cn\",\"published\":\"2021-10-20T16:15:08.103\",\"lastModified\":\"2024-11-21T05:48:55.333\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.\"},{\"lang\":\"es\",\"value\":\"El producto ZTE MF971R presenta una vulnerabilidad de inyecci\u00f3n de CRLF. Un atacante podr\u00eda aprovechar esta vulnerabilidad para modificar la informaci\u00f3n del encabezado de respuesta HTTP mediante una petici\u00f3n HTTP especialmente dise\u00f1ada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:mf971r_firmware:v1.0.0b05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A4F659-C656-47D6-B38E-5BA8E73DCD30\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A7F54F4-E324-4D1E-839E-677396BAFE49\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:mf971r_firmware:1v1.0.0b06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35FA4400-636F-48E7-AF1E-9416D9E9386F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A7F54F4-E324-4D1E-839E-677396BAFE49\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:mf971r_firmware:2v1.0.0b03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"252BBFAA-0053-441A-8F20-A737EF573355\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A7F54F4-E324-4D1E-839E-677396BAFE49\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:mf971r_firmware:s2v1.0.0b03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B066F08-DDC4-4868-8FD2-620E46660B64\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A7F54F4-E324-4D1E-839E-677396BAFE49\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:mf971r_firmware:sv1.0.0b05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAA1BD70-DC47-4B81-A906-3FD76E593F75\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A7F54F4-E324-4D1E-839E-677396BAFE49\"}]}]}],\"references\":[{\"url\":\"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764\",\"source\":\"psirt@zte.com.cn\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2021-92819

Vulnerability from cnvd - Published: 2021-12-01

Title

ZTE MF971R CRLF注入漏洞

Description

ZTE MF971R是一款Cat 6 LTE移动Wi-Fi路由器，下载速度可达300mbps，上传速度可达50mbps。 ZTE MF971R存在CRLF注入漏洞。攻击者可通过特制HTTP请求利用该漏洞修改HTTP响应头信息。

Severity

中

Patch Name

ZTE MF971R CRLF注入漏洞的补丁

Patch Description

ZTE MF971R是一款Cat 6 LTE移动Wi-Fi路由器，下载速度可达300mbps，上传速度可达50mbps。 ZTE MF971R存在CRLF注入漏洞。攻击者可通过特制HTTP请求利用该漏洞修改HTTP响应头信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-21743

Impacted products

Name
['ZTE MF971R BD_ZTE_MF971RV1.0.0B05', 'ZTE MF971R BD_PLKPLMF971R1V1.0.0B06', 'ZTE MF971R BD_MF971R2V1.0.0B03', 'ZTE MF971R BD_ZTE_MF971RS2V1.0.0B03', 'ZTE MF971R BD_ZTE_MF971RSV1.0.0B05']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21743",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-21743"
    }
  },
  "description": "ZTE MF971R\u662f\u4e00\u6b3eCat 6 LTE\u79fb\u52a8Wi-Fi\u8def\u7531\u5668\uff0c\u4e0b\u8f7d\u901f\u5ea6\u53ef\u8fbe300mbps\uff0c\u4e0a\u4f20\u901f\u5ea6\u53ef\u8fbe50mbps\u3002\n\nZTE MF971R\u5b58\u5728CRLF\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539HTTP\u54cd\u5e94\u5934\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-92819",
  "openTime": "2021-12-01",
  "patchDescription": "ZTE MF971R\u662f\u4e00\u6b3eCat 6 LTE\u79fb\u52a8Wi-Fi\u8def\u7531\u5668\uff0c\u4e0b\u8f7d\u901f\u5ea6\u53ef\u8fbe300mbps\uff0c\u4e0a\u4f20\u901f\u5ea6\u53ef\u8fbe50mbps\u3002\r\n\r\nZTE MF971R\u5b58\u5728CRLF\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539HTTP\u54cd\u5e94\u5934\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ZTE MF971R CRLF\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ZTE MF971R BD_ZTE_MF971RV1.0.0B05",
      "ZTE MF971R BD_PLKPLMF971R1V1.0.0B06",
      "ZTE MF971R BD_MF971R2V1.0.0B03",
      "ZTE MF971R BD_ZTE_MF971RS2V1.0.0B03",
      "ZTE MF971R BD_ZTE_MF971RSV1.0.0B05"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-21743",
  "serverity": "\u4e2d",
  "submitTime": "2021-10-21",
  "title": "ZTE MF971R CRLF\u6ce8\u5165\u6f0f\u6d1e"
}

FKIE_CVE-2021-21743

Vulnerability from fkie_nvd - Published: 2021-10-20 16:15 - Updated: 2026-06-17 03:36

Severity

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.

References

	URL	Tags
	psirt@zte.com.cn	https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764	Vendor Advisory

Impacted products

Vendor	Product	Version
zte	mf971r_firmware	v1.0.0b05
zte	mf971r	*
zte	mf971r_firmware	1v1.0.0b06
zte	mf971r	*
zte	mf971r_firmware	2v1.0.0b03
zte	mf971r	*
zte	mf971r_firmware	s2v1.0.0b03
zte	mf971r	*
zte	mf971r_firmware	sv1.0.0b05
zte	mf971r	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "MF971R",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
            }
          ]
        }
      ],
      "source": "psirt@zte.com.cn"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:mf971r_firmware:v1.0.0b05:*:*:*:*:*:*:*",
              "matchCriteriaId": "72A4F659-C656-47D6-B38E-5BA8E73DCD30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A7F54F4-E324-4D1E-839E-677396BAFE49",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:mf971r_firmware:1v1.0.0b06:*:*:*:*:*:*:*",
              "matchCriteriaId": "35FA4400-636F-48E7-AF1E-9416D9E9386F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A7F54F4-E324-4D1E-839E-677396BAFE49",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:mf971r_firmware:2v1.0.0b03:*:*:*:*:*:*:*",
              "matchCriteriaId": "252BBFAA-0053-441A-8F20-A737EF573355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A7F54F4-E324-4D1E-839E-677396BAFE49",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:mf971r_firmware:s2v1.0.0b03:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B066F08-DDC4-4868-8FD2-620E46660B64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A7F54F4-E324-4D1E-839E-677396BAFE49",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:mf971r_firmware:sv1.0.0b05:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAA1BD70-DC47-4B81-A906-3FD76E593F75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A7F54F4-E324-4D1E-839E-677396BAFE49",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request."
    },
    {
      "lang": "es",
      "value": "El producto ZTE MF971R presenta una vulnerabilidad de inyecci\u00f3n de CRLF. Un atacante podr\u00eda aprovechar esta vulnerabilidad para modificar la informaci\u00f3n del encabezado de respuesta HTTP mediante una petici\u00f3n HTTP especialmente dise\u00f1ada"
    }
  ],
  "id": "CVE-2021-21743",
  "lastModified": "2026-06-17T03:36:04.573",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-20T16:15:08.103",
  "references": [
    {
      "source": "psirt@zte.com.cn",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
    }
  ],
  "sourceIdentifier": "psirt@zte.com.cn",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JM9F-FF4V-792M

Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18

Details

ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-21743"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-20T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.",
  "id": "GHSA-jm9f-ff4v-792m",
  "modified": "2022-05-24T19:18:04Z",
  "published": "2022-05-24T19:18:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21743"
    },
    {
      "type": "WEB",
      "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2021-21743

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.

Aliases

CVE-2021-21743

Aliases

CVE-2021-21743

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-21743",
    "description": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.",
    "id": "GSD-2021-21743"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-21743"
      ],
      "details": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.",
      "id": "GSD-2021-21743",
      "modified": "2023-12-13T01:23:11.110953Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@zte.com.cn",
        "ID": "CVE-2021-21743",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MF971R",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "BD_ZTE_MF971RV1.0.0B05, BD_PLKPLMF971R1V1.0.0B06, BD_MF971R2V1.0.0B03, BD_ZTE_MF971RS2V1.0.0B03, BD_ZTE_MF971RSV1.0.0B05"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CRLF injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
            "refsource": "MISC",
            "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zte:mf971r_firmware:v1.0.0b05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zte:mf971r_firmware:1v1.0.0b06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zte:mf971r_firmware:2v1.0.0b03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zte:mf971r_firmware:s2v1.0.0b03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zte:mf971r_firmware:sv1.0.0b05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@zte.com.cn",
          "ID": "CVE-2021-21743"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-10-25T16:06Z",
      "publishedDate": "2021-10-20T16:15Z"
    }
  }
}

VAR-202110-0399

Vulnerability from variot - Updated: 2024-08-14 13:43

ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request. ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202110-0399",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mf971r",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zte",
        "version": "sv1.0.0b05"
      },
      {
        "model": "mf971r",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zte",
        "version": "1v1.0.0b06"
      },
      {
        "model": "mf971r",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zte",
        "version": "2v1.0.0b03"
      },
      {
        "model": "mf971r",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zte",
        "version": "v1.0.0b05"
      },
      {
        "model": "mf971r",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zte",
        "version": "s2v1.0.0b03"
      },
      {
        "model": "mf971r",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "mf971r",
        "scope": null,
        "trust": 0.8,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "mf971r",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "zte",
        "version": "mf971r  firmware"
      },
      {
        "model": "mf971r bd zte mf971rv1.0.0b05",
        "scope": null,
        "trust": 0.6,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "mf971r bd plkplmf971r1v1.0.0b06",
        "scope": null,
        "trust": 0.6,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "mf971r bd mf971r2v1.0.0b03",
        "scope": null,
        "trust": 0.6,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "mf971r bd zte mf971rs2v1.0.0b03",
        "scope": null,
        "trust": 0.6,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "mf971r bd zte mf971rsv1.0.0b05",
        "scope": null,
        "trust": 0.6,
        "vendor": "zte",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013972"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21743"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovered by Marcin \u2019Icewall\u2019 Noga of Cisco Talos.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1262"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-21743",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-21743",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2021-92819",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-21743",
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-21743",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-21743",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-21743",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-92819",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202110-1262",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-21743",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92819"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1262"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21743"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request. ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013972"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-92819"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21743"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-21743",
        "trust": 3.9
      },
      {
        "db": "ZTE",
        "id": "1019764",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013972",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-92819",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021101910",
        "trust": 0.6
      },
      {
        "db": "TALOS",
        "id": "TALOS-2021-1313",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1262",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21743",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92819"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1262"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21743"
      }
    ]
  },
  "id": "VAR-202110-0399",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92819"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92819"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:43:19.090000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple\u00a0Vulnerabilities\u00a0in\u00a0a\u00a0ZTE\u00a0Mobile\u00a0Internet\u00a0Product",
        "trust": 0.8,
        "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
      },
      {
        "title": "Patch for ZTE MF971R CRLF injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/301766"
      },
      {
        "title": "ZTE MF971R LTE router Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166155"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1262"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-74",
        "trust": 1.0
      },
      {
        "problemtype": "injection (CWE-74) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013972"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21743"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21743"
      },
      {
        "trust": 1.7,
        "url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1019764"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021101910"
      },
      {
        "trust": 0.6,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1313"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/74.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92819"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1262"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21743"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92819"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1262"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21743"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-92819"
      },
      {
        "date": "2021-10-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21743"
      },
      {
        "date": "2022-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013972"
      },
      {
        "date": "2021-10-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-1262"
      },
      {
        "date": "2021-10-20T16:15:08.103000",
        "db": "NVD",
        "id": "CVE-2021-21743"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-92819"
      },
      {
        "date": "2021-10-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21743"
      },
      {
        "date": "2022-09-30T05:49:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013972"
      },
      {
        "date": "2021-10-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-1262"
      },
      {
        "date": "2021-10-25T16:06:55.930000",
        "db": "NVD",
        "id": "CVE-2021-21743"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1262"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ZTE\u00a0MF971R\u00a0 Injection vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013972"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1262"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-21743 (GCVE-0-2021-21743)

CNVD-2021-92819

FKIE_CVE-2021-21743

GHSA-JM9F-FF4V-792M

GSD-2021-21743

VAR-202110-0399

Tags

Sightings

Nomenclature