CVE Vulnerability

CVE-2021-21726

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

2.3 /10

CVSS v3.0 : LOW

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664 Vendor Advisory
Configurations

Configuration 1
Information

Published : 2021-03-12 07:15

Updated : 2021-03-19 02:48

NVD link : CVE-2021-21726

Mitre link : CVE-2021-21726

Products Affected
No products.
CWE
CWE-20