Details of VAR-202110-0398

ID

VAR-202110-0398

CVE

CVE-2021-21744

TITLE

ZTE MF971R Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013973

DESCRIPTION

ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled. ZTE MF971R Exists in unspecified vulnerabilities.Information may be tampered with. ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps

Trust: 2.25

sources: NVD: CVE-2021-21744 // JVNDB: JVNDB-2021-013973 // CNVD: CNVD-2021-92820 // VULMON: CVE-2021-21744

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-92820

AFFECTED PRODUCTS

vendor:	zte	model:	mf971r	scope:	eq	version:	sv1.0.0b05	Trust: 1.0
vendor:	zte	model:	mf971r	scope:	eq	version:	1v1.0.0b06	Trust: 1.0
vendor:	zte	model:	mf971r	scope:	eq	version:	2v1.0.0b03	Trust: 1.0
vendor:	zte	model:	mf971r	scope:	eq	version:	v1.0.0b05	Trust: 1.0
vendor:	zte	model:	mf971r	scope:	eq	version:	s2v1.0.0b03	Trust: 1.0
vendor:	zte	model:	mf971r	scope:	eq	version:	-	Trust: 0.8
vendor:	zte	model:	mf971r	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	mf971r	scope:	eq	version:	mf971r firmware	Trust: 0.8
vendor:	zte	model:	mf971r bd zte mf971rv1.0.0b05	scope:	-	version:	-	Trust: 0.6
vendor:	zte	model:	mf971r bd plkplmf971r1v1.0.0b06	scope:	-	version:	-	Trust: 0.6
vendor:	zte	model:	mf971r bd mf971r2v1.0.0b03	scope:	-	version:	-	Trust: 0.6
vendor:	zte	model:	mf971r bd zte mf971rs2v1.0.0b03	scope:	-	version:	-	Trust: 0.6
vendor:	zte	model:	mf971r bd zte mf971rsv1.0.0b05	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-92820 // JVNDB: JVNDB-2021-013973 // NVD: CVE-2021-21744

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21744
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-21744
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-92820
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202110-1254
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-21744
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21744
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-92820
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-21744
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21744
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-92820 // VULMON: CVE-2021-21744 // JVNDB: JVNDB-2021-013973 // CNNVD: CNNVD-202110-1254 // NVD: CVE-2021-21744

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-013973 // NVD: CVE-2021-21744

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1254

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-1254

PATCH

title:	Multiple Vulnerabilities in a ZTE Mobile Internet Product	url:	https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764	Trust: 0.8
title:	Patch for ZTE MF971R configuration file control vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/301771	Trust: 0.6
title:	ZTE MF971R LTE router Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167217	Trust: 0.6

sources: CNVD: CNVD-2021-92820 // JVNDB: JVNDB-2021-013973 // CNNVD: CNNVD-202110-1254

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21744	Trust: 3.9
db:	ZTE	id:	1019764	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-013973	Trust: 0.8
db:	CNVD	id:	CNVD-2021-92820	Trust: 0.6
db:	CS-HELP	id:	SB2021101910	Trust: 0.6
db:	TALOS	id:	TALOS-2021-1316	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-1254	Trust: 0.6
db:	VULMON	id:	CVE-2021-21744	Trust: 0.1

sources: CNVD: CNVD-2021-92820 // VULMON: CVE-2021-21744 // JVNDB: JVNDB-2021-013973 // CNNVD: CNNVD-202110-1254 // NVD: CVE-2021-21744

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-21744	Trust: 2.0
url:	https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1019764	Trust: 1.7
url:	https://www.cybersecurity-help.cz/vdb/sb2021101910	Trust: 0.6
url:	https://talosintelligence.com/vulnerability_reports/talos-2021-1316	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-92820 // VULMON: CVE-2021-21744 // JVNDB: JVNDB-2021-013973 // CNNVD: CNNVD-202110-1254 // NVD: CVE-2021-21744

CREDITS

Discovered by Marcin ’Icewall’ Noga of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202110-1254

SOURCES

db:	CNVD	id:	CNVD-2021-92820
db:	VULMON	id:	CVE-2021-21744
db:	JVNDB	id:	JVNDB-2021-013973
db:	CNNVD	id:	CNNVD-202110-1254
db:	NVD	id:	CVE-2021-21744

LAST UPDATE DATE

2024-08-14T13:43:18.994000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-92820	date:	2021-12-01T00:00:00
db:	VULMON	id:	CVE-2021-21744	date:	2021-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-013973	date:	2022-09-30T05:49:00
db:	CNNVD	id:	CNNVD-202110-1254	date:	2021-10-27T00:00:00
db:	NVD	id:	CVE-2021-21744	date:	2021-10-25T16:14:48.427

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-92820	date:	2021-12-01T00:00:00
db:	VULMON	id:	CVE-2021-21744	date:	2021-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-013973	date:	2022-09-30T00:00:00
db:	CNNVD	id:	CNNVD-202110-1254	date:	2021-10-18T00:00:00
db:	NVD	id:	CVE-2021-21744	date:	2021-10-20T16:15:08.160