CVE-2021-21734

{"id": "CVE-2021-21734", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-05-28T12:15:07.603", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01"}, {"lang": "es", "value": "Algunos dispositivos PON MDU de ZTE almacenan informaci\u00f3n confidencial en texto plano, y los usuarios con autoridad de inicio de sesi\u00f3n pueden obtenerla al ingresar un comando. Esto afecta: dispositivo ZTE PON MDU ZXA10 F821 versi\u00f3n V1.7.0P3T22, ZXA10 F822 versi\u00f3n V1.4.3T6, ZXA10 F819 versi\u00f3n V1.2.1T5, ZXA10 F832 versi\u00f3n V1.1.1T7, ZXA10 F839 versi\u00f3n V1.1.0T8, ZXA10 F809 versi\u00f3n V3.2A10T1, ZXA10 F809 versi\u00f3n V3.2.1T1 F822P versi\u00f3n V1.1.1T7, ZXA10 F832 versi\u00f3n V2.00.00.01"}], "lastModified": "2021-06-10T19:02:12.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_f821_firmware:1.7.0p3t22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCE43313-2022-402E-BCE9-ABCBEB808AE5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_f821:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7275080B-F405-4F16-BBA1-18B6593E436F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_f822_firmware:1.4.3t6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A270CC4-2665-4C94-9A45-60548B4F65E4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_f822:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B0BDBCB-3BB7-4617-8609-EA55C8713339"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_f819_firmware:1.2.1t5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA081EEC-B261-4375-81EF-9B1A611E68A6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_f819:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB2449F0-8878-4A2C-85B0-A2BE47093C8E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_f832_firmware:1.1.1t7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "861128EC-918B-48C9-A3FD-63AA7E882583"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_f832:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F18AB723-BF7F-40DE-847B-7917E72E27AD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_f839_firmware:1.1.0t8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC7469E5-480E-4C31-83C7-B568197DDB23"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_f839:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9EDACCE0-CC7B-4CCC-B4E3-EDFDEA828B19"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_f809_firmware:3.2.1t1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EB1E47E-4F1C-4144-B24D-82A64C784090"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_f809:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "87C5A538-7833-4592-A175-31D317C667A3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_f822p_firmware:1.1.1t7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13A30B20-5E0E-4877-BAFD-531710F82A2C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_f822p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0813EB37-1C6F-475E-9F27-A253A5716F23"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_f832v2_firmware:2.00.00.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "030E5E6C-191B-4094-B121-B942020A3FEB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_f832v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F94D8D4-4355-4435-AAAB-122505FE7980"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}