CVE-2021-21725

A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.

CVSS v3 5.7 MEDIUM
CVSS v2.0 2.7 LOW

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.7^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 5.1 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014624	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zte:zxhn_h196q_firmware:9.1.0c2:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxhn_h196q:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-03-05 17:15

Updated : 2021-03-12 15:42

NVD link : CVE-2021-21725

Mitre link : CVE-2021-21725

CVE.ORG link : CVE-2021-21725

JSON object : View

Products Affected

zte

zxhn_h196q
zxhn_h196q_firmware

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2021-21725", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2021-03-05T17:15:14.297", "references": [{"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014624", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2."}, {"lang": "es", "value": "Un producto ZTE presenta una vulnerabilidad de filtrado de informaci\u00f3n. Un atacante con mayor autoridad puede ir m\u00e1s all\u00e1 de su autoridad para acceder a archivos en otros directorios al llevar a cabo operaciones espec\u00edficas, resultando en un filtrado de informaci\u00f3n. Esto afecta a: ZXHN H196Q V9.1.0C2"}], "lastModified": "2021-03-12T15:42:38.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxhn_h196q_firmware:9.1.0c2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89E7CEBA-96D4-4012-A7FA-358098C07C9E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxhn_h196q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E876480B-AD6A-4AB4-9015-CC471414CBC2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}