ID

VAR-202110-0398


CVE

CVE-2021-21744


TITLE

ZTE MF971R  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013973

DESCRIPTION

ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled. ZTE MF971R Exists in unspecified vulnerabilities.Information may be tampered with. ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps

Trust: 2.25

sources: NVD: CVE-2021-21744 // JVNDB: JVNDB-2021-013973 // CNVD: CNVD-2021-92820 // VULMON: CVE-2021-21744

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-92820

AFFECTED PRODUCTS

vendor:ztemodel:mf971rscope:eqversion:sv1.0.0b05

Trust: 1.0

vendor:ztemodel:mf971rscope:eqversion:1v1.0.0b06

Trust: 1.0

vendor:ztemodel:mf971rscope:eqversion:2v1.0.0b03

Trust: 1.0

vendor:ztemodel:mf971rscope:eqversion:v1.0.0b05

Trust: 1.0

vendor:ztemodel:mf971rscope:eqversion:s2v1.0.0b03

Trust: 1.0

vendor:ztemodel:mf971rscope:eqversion: -

Trust: 0.8

vendor:ztemodel:mf971rscope: - version: -

Trust: 0.8

vendor:ztemodel:mf971rscope:eqversion:mf971r firmware

Trust: 0.8

vendor:ztemodel:mf971r bd zte mf971rv1.0.0b05scope: - version: -

Trust: 0.6

vendor:ztemodel:mf971r bd plkplmf971r1v1.0.0b06scope: - version: -

Trust: 0.6

vendor:ztemodel:mf971r bd mf971r2v1.0.0b03scope: - version: -

Trust: 0.6

vendor:ztemodel:mf971r bd zte mf971rs2v1.0.0b03scope: - version: -

Trust: 0.6

vendor:ztemodel:mf971r bd zte mf971rsv1.0.0b05scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-92820 // JVNDB: JVNDB-2021-013973 // NVD: CVE-2021-21744

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21744
value: HIGH

Trust: 1.0

NVD: CVE-2021-21744
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-92820
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202110-1254
value: HIGH

Trust: 0.6

VULMON: CVE-2021-21744
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21744
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-92820
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-21744
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-21744
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-92820 // VULMON: CVE-2021-21744 // JVNDB: JVNDB-2021-013973 // CNNVD: CNNVD-202110-1254 // NVD: CVE-2021-21744

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013973 // NVD: CVE-2021-21744

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1254

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-1254

PATCH

title:Multiple Vulnerabilities in a ZTE Mobile Internet Producturl:https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764

Trust: 0.8

title:Patch for ZTE MF971R configuration file control vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/301771

Trust: 0.6

title:ZTE MF971R LTE router Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167217

Trust: 0.6

sources: CNVD: CNVD-2021-92820 // JVNDB: JVNDB-2021-013973 // CNNVD: CNNVD-202110-1254

EXTERNAL IDS

db:NVDid:CVE-2021-21744

Trust: 3.9

db:ZTEid:1019764

Trust: 1.7

db:JVNDBid:JVNDB-2021-013973

Trust: 0.8

db:CNVDid:CNVD-2021-92820

Trust: 0.6

db:CS-HELPid:SB2021101910

Trust: 0.6

db:TALOSid:TALOS-2021-1316

Trust: 0.6

db:CNNVDid:CNNVD-202110-1254

Trust: 0.6

db:VULMONid:CVE-2021-21744

Trust: 0.1

sources: CNVD: CNVD-2021-92820 // VULMON: CVE-2021-21744 // JVNDB: JVNDB-2021-013973 // CNNVD: CNNVD-202110-1254 // NVD: CVE-2021-21744

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-21744

Trust: 2.0

url:https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1019764

Trust: 1.7

url:https://www.cybersecurity-help.cz/vdb/sb2021101910

Trust: 0.6

url:https://talosintelligence.com/vulnerability_reports/talos-2021-1316

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-92820 // VULMON: CVE-2021-21744 // JVNDB: JVNDB-2021-013973 // CNNVD: CNNVD-202110-1254 // NVD: CVE-2021-21744

CREDITS

Discovered by Marcin ’Icewall’ Noga of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202110-1254

SOURCES

db:CNVDid:CNVD-2021-92820
db:VULMONid:CVE-2021-21744
db:JVNDBid:JVNDB-2021-013973
db:CNNVDid:CNNVD-202110-1254
db:NVDid:CVE-2021-21744

LAST UPDATE DATE

2024-08-14T13:43:18.994000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-92820date:2021-12-01T00:00:00
db:VULMONid:CVE-2021-21744date:2021-10-25T00:00:00
db:JVNDBid:JVNDB-2021-013973date:2022-09-30T05:49:00
db:CNNVDid:CNNVD-202110-1254date:2021-10-27T00:00:00
db:NVDid:CVE-2021-21744date:2021-10-25T16:14:48.427

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-92820date:2021-12-01T00:00:00
db:VULMONid:CVE-2021-21744date:2021-10-20T00:00:00
db:JVNDBid:JVNDB-2021-013973date:2022-09-30T00:00:00
db:CNNVDid:CNNVD-202110-1254date:2021-10-18T00:00:00
db:NVDid:CVE-2021-21744date:2021-10-20T16:15:08.160