CVE-2021-21737

Published: Jun 24, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016

Affected (2)

Products: Zte: Zxv10 B860h V5.0 Firmware

1 product

Zxv10 B860h V5.0 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxv10 B860h V5.0 Firmware	Version v83011303.0010
Zte Zxv10 B860h V5.0 Firmware	Version v83011303.0016

Running on/with	Platform Versions
Zte Zxv10 B860h V5.0	All versions

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1016004

Source: psirt@zte.com.cn

Vendor Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1016004

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.