mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
224 lines
6.1 KiB
JSON
224 lines
6.1 KiB
JSON
{
|
|
"id": "CVE-2021-21744",
|
|
"sourceIdentifier": "psirt@zte.com.cn",
|
|
"published": "2021-10-20T16:15:08.160",
|
|
"lastModified": "2021-10-25T16:14:48.427",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El producto ZTE MF971R presenta una vulnerabilidad de control de archivos de configuraci\u00f3n. Un atacante podr\u00eda usar esta vulnerabilidad para modificar los par\u00e1metros de configuraci\u00f3n del dispositivo, causando que algunas funciones de seguridad del dispositivo sean deshabilitadas"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zte:mf971r_firmware:v1.0.0b05:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "72A4F659-C656-47D6-B38E-5BA8E73DCD30"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9A7F54F4-E324-4D1E-839E-677396BAFE49"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zte:mf971r_firmware:1v1.0.0b06:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "35FA4400-636F-48E7-AF1E-9416D9E9386F"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9A7F54F4-E324-4D1E-839E-677396BAFE49"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zte:mf971r_firmware:2v1.0.0b03:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "252BBFAA-0053-441A-8F20-A737EF573355"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9A7F54F4-E324-4D1E-839E-677396BAFE49"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zte:mf971r_firmware:s2v1.0.0b03:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7B066F08-DDC4-4868-8FD2-620E46660B64"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9A7F54F4-E324-4D1E-839E-677396BAFE49"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zte:mf971r_firmware:sv1.0.0b05:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AAA1BD70-DC47-4B81-A906-3FD76E593F75"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9A7F54F4-E324-4D1E-839E-677396BAFE49"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764",
|
|
"source": "psirt@zte.com.cn",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |