VAR-202109-0380
Vulnerability from variot - Updated: 2024-08-14 15:17There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages. ZTE Mobile phones have unspecified vulnerabilities.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0380",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "axon 30 pro message service",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "5.3.1.2103091059"
},
{
"model": "axon 30 pro message service app",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "axon 30 pro message service app",
"scope": "eq",
"trust": 0.8,
"vendor": "zte",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012446"
},
{
"db": "NVD",
"id": "CVE-2021-21742"
}
]
},
"cve": "CVE-2021-21742",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-21742",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-380146",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-21742",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-21742",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-21742",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-21742",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1694",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-380146",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-21742",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380146"
},
{
"db": "VULMON",
"id": "CVE-2021-21742"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012446"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1694"
},
{
"db": "NVD",
"id": "CVE-2021-21742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages. ZTE Mobile phones have unspecified vulnerabilities.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21742"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012446"
},
{
"db": "VULHUB",
"id": "VHN-380146"
},
{
"db": "VULMON",
"id": "CVE-2021-21742"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-21742",
"trust": 3.4
},
{
"db": "ZTE",
"id": "1019084",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012446",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1694",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-380146",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-21742",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380146"
},
{
"db": "VULMON",
"id": "CVE-2021-21742"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012446"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1694"
},
{
"db": "NVD",
"id": "CVE-2021-21742"
}
]
},
"id": "VAR-202109-0380",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-380146"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:17:03.689000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information\u00a0Leak\u00a0Vulnerability\u00a0in\u00a0The\u00a0Message\u00a0Service\u00a0App\u00a0of\u00a0a\u00a0ZTE\u00a0Mobile\u00a0Phone",
"trust": 0.8,
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019084"
},
{
"title": "ZTE Axon 30 Pro Message Service App Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164772"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012446"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1694"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012446"
},
{
"db": "NVD",
"id": "CVE-2021-21742"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1019084"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21742"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380146"
},
{
"db": "VULMON",
"id": "CVE-2021-21742"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012446"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1694"
},
{
"db": "NVD",
"id": "CVE-2021-21742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-380146"
},
{
"db": "VULMON",
"id": "CVE-2021-21742"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012446"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1694"
},
{
"db": "NVD",
"id": "CVE-2021-21742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-380146"
},
{
"date": "2021-09-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21742"
},
{
"date": "2022-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012446"
},
{
"date": "2021-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1694"
},
{
"date": "2021-09-25T00:15:07.210000",
"db": "NVD",
"id": "CVE-2021-21742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-380146"
},
{
"date": "2021-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21742"
},
{
"date": "2022-08-31T07:18:00",
"db": "JVNDB",
"id": "JVNDB-2021-012446"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1694"
},
{
"date": "2021-09-30T17:16:36.037000",
"db": "NVD",
"id": "CVE-2021-21742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1694"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE\u00a0 Vulnerabilities in mobile phones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012446"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1694"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…