Information Leak Vulnerability in a ZTE Product

Initial release date: January 14, 2021

 

CVE ID

CVE-2021-21722

 

CVSS 3.1 Base Score

4.4 Medium (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

  

Description

A ZTE Smart STB is affected by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information, which could then support further information gathering and attacks.

 

Affected Products and Fixes

Product Name: ZXV10 B860A

Affected Version: V2.1-T_V0032.1.1.04_jiangsuTelecom

Resolved Version: V2.1-T-V81011312.0.04_HunanTelecom_R

 

Source

The vulnerability was found through ZTE's internal testing.

 

Update Records

January 14, 2021, initial.

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or to obtain ZTE product security incident response services and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.