CVE-2021-21726 Information

Description

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 ZXONE 8700 ZXONE 19700><V1.40.021.021CP049 V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Reference

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

LOW

Base Severity

2.3