CVE-2021-21742 — MEDIUM (5.5)

Vulnerability Description

There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Zte	Axon 30 Pro Message Service	5.3.1.2103091059

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019084Vendor Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019084Vendor Advisory

FAQ

What is CVE-2021-21742?

CVE-2021-21742 is a vulnerability with a CVSS score of 5.5 (MEDIUM). There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive informa...

How severe is CVE-2021-21742?

CVE-2021-21742 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-21742?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Axon 30 Pro Message Service.