CVE-2021-21740
Severity Score
2.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak.
Se presenta una vulnerabilidad de filtrado de información en el reproductor multimedia digital (DMS) del producto de puerta de enlace residencial de ZTE. El atacante podría insertar el disco USB con el enlace simbólico en el gateway residencial y acceder a información de directorio no autorizada mediante el enlace simbólico, causando un filtrado de información
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-04 CVE Reserved
- 2021-08-09 CVE Published
- 2024-04-24 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244 | 2021-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zte Search vendor "Zte" | Zxhn H2640 Firmware Search vendor "Zte" for product "Zxhn H2640 Firmware" | 10.0.0c6_ty Search vendor "Zte" for product "Zxhn H2640 Firmware" and version "10.0.0c6_ty" | - |
Affected
| in | Zte Search vendor "Zte" | Zxhn H2640 Search vendor "Zte" for product "Zxhn H2640" | - | - |
Safe
|