{"containers": {"cna": {"affected": [{"product": "ZXHN H2640", "vendor": "n/a", "versions": [{"status": "affected", "version": "V10.0.0C6_TY"}]}], "descriptions": [{"lang": "en", "value": "There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak."}], "problemTypes": [{"descriptions": [{"description": "information leak", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-09T15:30:12", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@zte.com.cn", "ID": "CVE-2021-21740", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ZXHN H2640", "version": {"version_data": [{"version_value": "V10.0.0C6_TY"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information leak"}]}]}, "references": {"reference_data": [{"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244", "refsource": "MISC", "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244"}]}}}}, "cveMetadata": {"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2021-21740", "datePublished": "2021-08-09T15:30:12", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2021-08-09T15:30:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxhn_h2640_firmware:10.0.0c6_ty:*:*:*:*:*:*:*", "matchCriteriaId": "FC47AFC2-3F09-43A5-8E36-7C751180CE82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxhn_h2640:-:*:*:*:*:*:*:*", "matchCriteriaId": "B4451A86-1BF1-4B10-9A5A-0D532C9F5F9B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de filtrado de informaci\u00f3n en el reproductor multimedia digital (DMS) del producto de puerta de enlace residencial de ZTE. El atacante podr\u00eda insertar el disco USB con el enlace simb\u00f3lico en el gateway residencial y acceder a informaci\u00f3n de directorio no autorizada mediante el enlace simb\u00f3lico, causando un filtrado de informaci\u00f3n"}], "id": "CVE-2021-21740", "lastModified": "2021-08-17T14:03:15.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-09T16:15:07.037", "references": [{"source": "psirt@zte.com.cn", "tags": ["Vendor Advisory"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}