CVE-2021-21726 - OpenCVE

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Zte	Zxone 9700 Firmware Zxone 19700 Zxone 8700 Firmware Zxone 19700 Firmware Zxone 9700 Zxone 8700

Configuration 1 [-]

AND

cpe:2.3:o:zte:zxone_9700_firmware:1.40.021.021cp049:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxone_9700:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:zte:zxone_8700_firmware:1.40.021.021cp049:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxone_8700:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:zte:zxone_19700_firmware:1.0p02b219_\@ncpm-release_2.40r1-20200914.set:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxone_19700:-:*:*:*:*:*:*:*

References

Link	Resource
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: zte

Published: 2021-03-12T18:05:34

Updated: 2021-03-12T18:05:34

Reserved: 2021-01-04T00:00:00

Link: CVE-2021-21726

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-12T19:15:15.007

Modified: 2021-03-19T14:48:38.520

Link: CVE-2021-21726

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "<ZXONE 9700 , ZXONE 8700, ZXONE 19700>", "vendor": "n/a", "versions": [{"status": "affected", "version": "<V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>"}]}], "descriptions": [{"lang": "en", "value": "Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>"}], "problemTypes": [{"descriptions": [{"description": "input verification", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-12T18:05:34", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@zte.com.cn", "ID": "CVE-2021-21726", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "<ZXONE 9700 , ZXONE 8700, ZXONE 19700>", "version": {"version_data": [{"version_value": "<V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "input verification"}]}]}, "references": {"reference_data": [{"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664", "refsource": "MISC", "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664"}]}}}}, "cveMetadata": {"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2021-21726", "datePublished": "2021-03-12T18:05:34", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2021-03-12T18:05:34", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxone_9700_firmware:1.40.021.021cp049:*:*:*:*:*:*:*", "matchCriteriaId": "7D7D653D-5E78-4BF7-B93A-211B4ED04BE2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxone_9700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F3B1F08-335C-4D75-8824-7501BB778F3C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxone_8700_firmware:1.40.021.021cp049:*:*:*:*:*:*:*", "matchCriteriaId": "4A138D17-A631-4B11-9C76-0EA80B8260CA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxone_8700:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D8A058D-5F27-4015-946D-F975F2EADBC9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxone_19700_firmware:1.0p02b219_\\@ncpm-release_2.40r1-20200914.set:*:*:*:*:*:*:*", "matchCriteriaId": "62AF3DD6-CBF8-4654-8540-80B29285F8FF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxone_19700:-:*:*:*:*:*:*:*", "matchCriteriaId": "8530D441-FED3-48CF-9937-A13951B2E0EB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>"}, {"lang": "es", "value": "Algunos productos ZTE presentan una vulnerabilidad de comprobaci\u00f3n de entrada en la interfaz de la funci\u00f3n de diagnostico. Debido a una comprobaci\u00f3n insuficiente de algunos par\u00e1metros ingresados ??por los usuarios, un atacante con altos privilegios puede causar una excepci\u00f3n en el proceso insertando repetidamente par\u00e1metros ilegales. Esto afecta a: "}], "id": "CVE-2021-21726", "lastModified": "2021-03-19T14:48:38.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-12T19:15:15.007", "references": [{"source": "psirt@zte.com.cn", "tags": ["Vendor Advisory"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}