CVE-2021-21726

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>

CVSS v3 2.3 LOW
CVSS v2.0 2.1 LOW

2.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zte:zxone_9700_firmware:1.40.021.021cp049:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxone_9700:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zte:zxone_8700_firmware:1.40.021.021cp049:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxone_8700:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zte:zxone_19700_firmware:1.0p02b219_\@ncpm-release_2.40r1-20200914.set:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxone_19700:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-03-12 19:15

Updated : 2024-02-04 21:23

NVD link : CVE-2021-21726

Mitre link : CVE-2021-21726

CVE.ORG link : CVE-2021-21726

JSON object : View

Products Affected

zte

zxone_8700
zxone_9700
zxone_8700_firmware
zxone_19700
zxone_9700_firmware
zxone_19700_firmware

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2021-21726", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.8}]}, "published": "2021-03-12T19:15:15.007", "references": [{"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>"}, {"lang": "es", "value": "Algunos productos ZTE presentan una vulnerabilidad de comprobaci\u00f3n de entrada en la interfaz de la funci\u00f3n de diagnostico. Debido a una comprobaci\u00f3n insuficiente de algunos par\u00e1metros ingresados ??por los usuarios, un atacante con altos privilegios puede causar una excepci\u00f3n en el proceso insertando repetidamente par\u00e1metros ilegales. Esto afecta a: "}], "lastModified": "2021-03-19T14:48:38.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxone_9700_firmware:1.40.021.021cp049:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D7D653D-5E78-4BF7-B93A-211B4ED04BE2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxone_9700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4F3B1F08-335C-4D75-8824-7501BB778F3C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxone_8700_firmware:1.40.021.021cp049:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A138D17-A631-4B11-9C76-0EA80B8260CA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxone_8700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2D8A058D-5F27-4015-946D-F975F2EADBC9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxone_19700_firmware:1.0p02b219_\\@ncpm-release_2.40r1-20200914.set:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62AF3DD6-CBF8-4654-8540-80B29285F8FF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxone_19700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8530D441-FED3-48CF-9937-A13951B2E0EB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}