CVE-2021-21726 - Vulnerability Details - OpenCVE

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zte	Zxone 19700 Zxone 19700 Firmware Zxone 8700 Zxone 8700 Firmware Zxone 9700 Zxone 9700 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zte:zxone_9700_firmware:1.40.021.021cp049:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxone_9700:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:zte:zxone_8700_firmware:1.40.021.021cp049:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxone_8700:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:zte:zxone_19700_firmware:1.0p02b219_\@ncpm-release_2.40r1-20200914.set:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxone_19700:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664

History

No history.

MITRE

Status: PUBLISHED

Assigner: zte

Published: 2021-03-12T18:05:34

Updated: 2024-08-03T18:23:28.330Z

Reserved: 2021-01-04T00:00:00

Link: CVE-2021-21726

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-03-12T19:15:15.007

Modified: 2024-11-21T05:48:53.330

Link: CVE-2021-21726

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "<ZXONE 9700 , ZXONE 8700, ZXONE 19700>", "vendor": "n/a", "versions": [{"status": "affected", "version": "<V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>"}]}], "descriptions": [{"lang": "en", "value": "Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>"}], "problemTypes": [{"descriptions": [{"description": "input verification", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-12T18:05:34", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@zte.com.cn", "ID": "CVE-2021-21726", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "<ZXONE 9700 , ZXONE 8700, ZXONE 19700>", "version": {"version_data": [{"version_value": "<V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "input verification"}]}]}, "references": {"reference_data": [{"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664", "refsource": "MISC", "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:23:28.330Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664"}]}]}, "cveMetadata": {"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2021-21726", "datePublished": "2021-03-12T18:05:34", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:23:28.330Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxone_9700_firmware:1.40.021.021cp049:*:*:*:*:*:*:*", "matchCriteriaId": "7D7D653D-5E78-4BF7-B93A-211B4ED04BE2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxone_9700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F3B1F08-335C-4D75-8824-7501BB778F3C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxone_8700_firmware:1.40.021.021cp049:*:*:*:*:*:*:*", "matchCriteriaId": "4A138D17-A631-4B11-9C76-0EA80B8260CA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxone_8700:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D8A058D-5F27-4015-946D-F975F2EADBC9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxone_19700_firmware:1.0p02b219_\\@ncpm-release_2.40r1-20200914.set:*:*:*:*:*:*:*", "matchCriteriaId": "62AF3DD6-CBF8-4654-8540-80B29285F8FF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxone_19700:-:*:*:*:*:*:*:*", "matchCriteriaId": "8530D441-FED3-48CF-9937-A13951B2E0EB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>"}, {"lang": "es", "value": "Algunos productos ZTE presentan una vulnerabilidad de comprobaci\u00f3n de entrada en la interfaz de la funci\u00f3n de diagnostico. Debido a una comprobaci\u00f3n insuficiente de algunos par\u00e1metros ingresados ??por los usuarios, un atacante con altos privilegios puede causar una excepci\u00f3n en el proceso insertando repetidamente par\u00e1metros ilegales. Esto afecta a: "}], "id": "CVE-2021-21726", "lastModified": "2024-11-21T05:48:53.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-12T19:15:15.007", "references": [{"source": "psirt@zte.com.cn", "tags": ["Vendor Advisory"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}