CVE-2021-21740

There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.4 LOW
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
zteCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
ztezxhn_h2640_firmware
10.0.0c6_ty:c6_ty
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244