CVE-2021-21722

low-risk
Published 2021-01-14

A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.4/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Zxv10 B860A Firmware

Affected Vendors

Zte

References (2)

Vendor Advisory http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324
Vendor Advisory http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014324
20
/ 100
low-risk
Severity 15/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal