{
  "id": "CVE-2021-21725",
  "sourceIdentifier": "psirt@zte.com.cn",
  "published": "2021-03-05T17:15:14.297",
  "lastModified": "2021-03-12T15:42:38.953",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2."
    },
    {
      "lang": "es",
      "value": "Un producto ZTE presenta una vulnerabilidad de filtrado de informaci\u00f3n. Un atacante con mayor autoridad puede ir m\u00e1s all\u00e1 de su autoridad para acceder a archivos en otros directorios al llevar a cabo operaciones espec\u00edficas, resultando en un filtrado de informaci\u00f3n. Esto afecta a: ZXHN H196Q V9.1.0C2"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector": "ADJACENT_NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.7
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 5.1,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxhn_h196q_firmware:9.1.0c2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E7CEBA-96D4-4012-A7FA-358098C07C9E"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:zte:zxhn_h196q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876480B-AD6A-4AB4-9015-CC471414CBC2"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014624",
      "source": "psirt@zte.com.cn",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}