CVE-2021-21740
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
2.4 Low
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 Low
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
24.9%
There is an information leak vulnerability in the digital media player (DMS) of ZTE’s residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| zte:zxhn_h2640_firmware | zte zxhn h2640 firmware | eq | 10.0.0c6_ty |
CNA Affected
[
{
"product": "ZXHN H2640",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V10.0.0C6_TY"
}
]
}
]Social References
More
Related
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
2.4 Low
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 Low
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
24.9%