CVE-2021-21722 — MEDIUM (4.4)

Vulnerability Description

A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Zte	Zxv10 B860A Firmware	v2.1-t_v0032.1.1.04_jiangsutelecom
Zte	Zxv10 B860A	-

Related Weaknesses (CWE)

CWE-532

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324Vendor Advisory
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324Vendor Advisory

FAQ

What is CVE-2021-21722?

CVE-2021-21722 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further in...

How severe is CVE-2021-21722?

CVE-2021-21722 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-21722?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxv10 B860A Firmware, Zte Zxv10 B860A.