exploitDog

CVE-2021-21740

Опубликовано: 09 авг. 2021

Источник: nvd

CVSS3: 2.4

CVSS2: 2.1

EPSS Низкий

Описание

There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak.

Ссылки

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244
Vendor Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:zte:zxhn_h2640_firmware:10.0.0c6_ty:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxhn_h2640:-:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00049

Низкий

2.4 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-59

Связанные уязвимости

GHSA-qj42-4q8c-3r9v

github

больше 3 лет назад

There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak.

EPSS

Процентиль: 15%

0.00049

Низкий

2.4 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-59