Vulnerability-Lookup

CVE-2021-21722 (GCVE-0-2021-21722)

Vulnerability from cvelistv5 – Published: 2021-01-14 15:57 – Updated: 2024-08-03 18:23

Summary

A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.

Severity ?

No CVSS data available.

CWE

information leak

Assigner

zte

References

URL

	Vendor	Product	Version
	n/a	ZXV10 B860A	Affected: V2.1-T_V0032.1.1.04_jiangsuTelecom

GHSA-H8W4-3WMM-WR8G

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-07-13 00:01

Details

Severity ?

4.4 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-21722"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-14T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.",
  "id": "GHSA-h8w4-3wmm-wr8g",
  "modified": "2022-07-13T00:01:07Z",
  "published": "2022-05-24T17:39:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21722"
    },
    {
      "type": "WEB",
      "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2021-21722

Vulnerability from fkie_nvd - Published: 2021-01-14 16:15 - Updated: 2024-11-21 05:48

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@zte.com.cn	http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324	Vendor Advisory

Impacted products

	Vendor	Product	Version
	zte	zxv10_b860a_firmware	v2.1-t_v0032.1.1.04_jiangsutelecom
	zte	zxv10_b860a	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:zxv10_b860a_firmware:v2.1-t_v0032.1.1.04_jiangsutelecom:*:*:*:*:*:*:*",
              "matchCriteriaId": "82FF3FEF-2943-4327-90F6-0C8AA7A63182",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:zxv10_b860a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "290044BC-2211-4044-8899-5D4B69C6A881",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom."
    },
    {
      "lang": "es",
      "value": "Un ZTE Smart STB est\u00e1 afectado por una vulnerabilidad de filtrado de informaci\u00f3n.\u0026#xa0;El dispositivo no verific\u00f3 completamente el registro, por lo que los atacantes podr\u00edan usar esta vulnerabilidad para obtener informaci\u00f3n confidencial del usuario para mayor detecci\u00f3n de informaci\u00f3n y ataques.\u0026#xa0;Esto afecta a: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom"
    }
  ],
  "id": "CVE-2021-21722",
  "lastModified": "2024-11-21T05:48:52.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-14T16:15:19.053",
  "references": [
    {
      "source": "psirt@zte.com.cn",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324"
    }
  ],
  "sourceIdentifier": "psirt@zte.com.cn",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-21722

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-21722

Aliases

CVE-2021-21722

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-21722",
    "description": "A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.",
    "id": "GSD-2021-21722"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-21722"
      ],
      "details": "A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.",
      "id": "GSD-2021-21722",
      "modified": "2023-12-13T01:23:10.600751Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@zte.com.cn",
        "ID": "CVE-2021-21722",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ZXV10 B860A",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V2.1-T_V0032.1.1.04_jiangsuTelecom"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "information leak"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324",
            "refsource": "MISC",
            "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zte:zxv10_b860a_firmware:v2.1-t_v0032.1.1.04_jiangsutelecom:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zte:zxv10_b860a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@zte.com.cn",
          "ID": "CVE-2021-21722"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-01-21T21:07Z",
      "publishedDate": "2021-01-14T16:15Z"
    }
  }
}

VAR-202101-1633

Vulnerability from variot - Updated: 2024-11-23 22:25

ZTE ZXV10 B860A has an information disclosure vulnerability

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1633",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "zxv10 b860a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zte",
        "version": "v2.1-t_v0032.1.1.04_jiangsutelecom"
      },
      {
        "model": "zxv10 b860a",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "zxv10 b860a",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "zte",
        "version": "zxv10 b860a  firmware  v2.1-t_v0032.1.1.04_jiangsutelecom"
      },
      {
        "model": "zxv10 b860a",
        "scope": null,
        "trust": 0.6,
        "vendor": "zte",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002597"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21722"
      }
    ]
  },
  "cve": "CVE-2021-21722",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-21722",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-03543",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "id": "CVE-2021-21722",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-21722",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-21722",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-21722",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-03543",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-1139",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1139"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21722"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom. ZTE ZXV10 B860A is a network set-top box of China ZTE Corporation (ZTE). \n\r\n\r\nZTE ZXV10 B860A has an information disclosure vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002597"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-03543"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-21722",
        "trust": 3.0
      },
      {
        "db": "ZTE",
        "id": "1014324",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002597",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-03543",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1139",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1139"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21722"
      }
    ]
  },
  "id": "VAR-202101-1633",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03543"
      }
    ],
    "trust": 1.24285713
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03543"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:25:12.344000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Information\u00a0Leak\u00a0Vulnerability\u00a0in\u00a0a\u00a0ZTE\u00a0Product",
        "trust": 0.8,
        "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324"
      },
      {
        "title": "Patch for ZTE ZXV10 B860A information disclosure vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/244381"
      },
      {
        "title": "ZTE ZXV10 B860A Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139238"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1139"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-532",
        "trust": 1.0
      },
      {
        "problemtype": "information leak (CWE-200) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002597"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21722"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21722"
      },
      {
        "trust": 1.6,
        "url": "http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1014324"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1139"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21722"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-03543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1139"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21722"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-03543"
      },
      {
        "date": "2021-09-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002597"
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-1139"
      },
      {
        "date": "2021-01-14T16:15:19.053000",
        "db": "NVD",
        "id": "CVE-2021-21722"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-03543"
      },
      {
        "date": "2021-09-27T08:56:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002597"
      },
      {
        "date": "2022-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-1139"
      },
      {
        "date": "2024-11-21T05:48:52.870000",
        "db": "NVD",
        "id": "CVE-2021-21722"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1139"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ZTE\u00a0Smart\u00a0STB\u00a0 Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002597"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "log information leak",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1139"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2021-03543

Vulnerability from cnvd - Published: 2021-01-17

Title

ZTE ZXV10 B860A信息泄露漏洞

Description

ZTE ZXV10 B860A是中国中兴通讯（ZTE）公司的一款网络机顶盒。 ZTE ZXV10 B860A存在信息泄露漏洞，该漏洞源于设备未对日志进行充分验证，攻击者可利用该漏洞可以获取用户敏感信息，进行进一步的信息检测和攻击。

Severity

中

Patch Name

ZTE ZXV10 B860A信息泄露漏洞的补丁

Patch Description

ZTE ZXV10 B860A是中国中兴通讯（ZTE）公司的一款网络机顶盒。 ZTE ZXV10 B860A存在信息泄露漏洞，该漏洞源于设备未对日志进行充分验证，攻击者可利用该漏洞可以获取用户敏感信息，进行进一步的信息检测和攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-21722

Impacted products

Name
ZTE ZTE ZXV10 B860A

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21722",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-21722"
    }
  },
  "description": "ZTE ZXV10 B860A\u662f\u4e2d\u56fd\u4e2d\u5174\u901a\u8baf\uff08ZTE\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u7edc\u673a\u9876\u76d2\u3002\n\nZTE ZXV10 B860A\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbe\u5907\u672a\u5bf9\u65e5\u5fd7\u8fdb\u884c\u5145\u5206\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u83b7\u53d6\u7528\u6237\u654f\u611f\u4fe1\u606f\uff0c\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u4fe1\u606f\u68c0\u6d4b\u548c\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-03543",
  "openTime": "2021-01-17",
  "patchDescription": "ZTE ZXV10 B860A\u662f\u4e2d\u56fd\u4e2d\u5174\u901a\u8baf\uff08ZTE\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u7edc\u673a\u9876\u76d2\u3002\r\n\r\nZTE ZXV10 B860A\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbe\u5907\u672a\u5bf9\u65e5\u5fd7\u8fdb\u884c\u5145\u5206\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u83b7\u53d6\u7528\u6237\u654f\u611f\u4fe1\u606f\uff0c\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u4fe1\u606f\u68c0\u6d4b\u548c\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ZTE ZXV10 B860A\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ZTE ZTE ZXV10 B860A"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-21722",
  "serverity": "\u4e2d",
  "submitTime": "2021-01-16",
  "title": "ZTE ZXV10 B860A\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-21722 (GCVE-0-2021-21722)

GHSA-H8W4-3WMM-WR8G

FKIE_CVE-2021-21722

GSD-2021-21722

VAR-202101-1633

CNVD-2021-03543

Tags

Sightings

Nomenclature