CVE-2021-21740 Information

Description

There is an information leak vulnerability in the digital media player (DMS) of ZTE’s residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway and access unauthorized directory information through the symbolic link causing information leak.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

2.4