Information Leak Vulnerability in a ZTE Residential Gateway Product

Original release date:  August 4, 2021

 

CVE ID

CVE-2021-21740

 

CVSS 3.1 Base Score

1.8 Low (AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

 

Description

There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. An attacker could insert a USB disk containing a symbolic link into the residential gateway and access unauthorized directory information through the symbolic link, causing an information leak.
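The following sketch is an added example, not ZTE's code or its fix: it shows the kind of containment check a media indexer can apply to removable storage, rejecting symbolic links that resolve outside the mount root. The function names and the sample directory tree are hypothetical and constructed for the demonstration.

```python
import os
import tempfile


def resolves_inside(root, path):
    """True if path, with every symlink followed, stays under root."""
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(path)
    # commonpath compares whole components: /mnt/usb1 never matches /mnt/usb10
    return os.path.commonpath([real_root, real_path]) == real_root


def index_share(root):
    """Walk a mounted volume without following symlinks and return
    (servable, rejected) lists of paths relative to root."""
    servable, rejected = [], []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full) and not resolves_inside(root, full):
                rejected.append(rel)       # link target leaves the share
            elif os.path.isfile(full):
                servable.append(rel)       # regular file or in-root link
    return sorted(servable), sorted(rejected)


def build_sample(base):
    """Constructed sample: a 'usb' share root beside a 'private' directory."""
    usb, private = os.path.join(base, "usb"), os.path.join(base, "private")
    os.makedirs(os.path.join(usb, "music"))
    os.makedirs(private)
    open(os.path.join(usb, "music", "song.mp3"), "w").close()
    open(os.path.join(private, "config.db"), "w").close()
    os.symlink(private, os.path.join(usb, "escape_dir"))
    os.symlink(os.path.join(private, "config.db"),
               os.path.join(usb, "music", "escape.mp3"))
    os.symlink(os.path.join(usb, "music", "song.mp3"),
               os.path.join(usb, "alias.mp3"))   # stays inside the share
    return usb


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        servable, rejected = index_share(build_sample(base))
        print("servable:", servable)
        print("rejected:", rejected)
```

The check and the later open are separate steps, so a server should also open files with no-follow semantics or re-verify the resolved path of the opened descriptor.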

  

Affected Products and Fixes

Product Name | Affected Version | Resolved Version
ZXHN H2640 | V10.0.0C6_TY | V10.0.0P6_TY

 

Source

The vulnerability was found through ZTE's internal testing.

 

Update Records

August 4, 2021: Initial release.

 

Supporting team contacts

1. ZTE GCSC hotline: 0755-26770800, 800-830-1118, 400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.