var-202110-0398
Vulnerability from variot
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled. ZTE MF971R Exists in unspecified vulnerabilities.Information may be tampered with. ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-0398",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mf971r",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "sv1.0.0b05"
},
{
"model": "mf971r",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "1v1.0.0b06"
},
{
"model": "mf971r",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "2v1.0.0b03"
},
{
"model": "mf971r",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "v1.0.0b05"
},
{
"model": "mf971r",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": "s2v1.0.0b03"
},
{
"model": "mf971r",
"scope": "eq",
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "mf971r",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "mf971r",
"scope": "eq",
"trust": 0.8,
"vendor": "zte",
"version": "mf971r firmware"
},
{
"model": "mf971r bd zte mf971rv1.0.0b05",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "mf971r bd plkplmf971r1v1.0.0b06",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "mf971r bd mf971r2v1.0.0b03",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "mf971r bd zte mf971rs2v1.0.0b03",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "mf971r bd zte mf971rsv1.0.0b05",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "NVD",
"id": "CVE-2021-21744"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Marcin \u2019Icewall\u2019 Noga of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
],
"trust": 0.6
},
"cve": "CVE-2021-21744",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-21744",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-92820",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-21744",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-21744",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-21744",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-21744",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-92820",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1254",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-21744",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "VULMON",
"id": "CVE-2021-21744"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
},
{
"db": "NVD",
"id": "CVE-2021-21744"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled. ZTE MF971R Exists in unspecified vulnerabilities.Information may be tampered with. ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21744"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "VULMON",
"id": "CVE-2021-21744"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-21744",
"trust": 3.9
},
{
"db": "ZTE",
"id": "1019764",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-92820",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101910",
"trust": 0.6
},
{
"db": "TALOS",
"id": "TALOS-2021-1316",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1254",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-21744",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "VULMON",
"id": "CVE-2021-21744"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
},
{
"db": "NVD",
"id": "CVE-2021-21744"
}
]
},
"id": "VAR-202110-0398",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
}
]
},
"last_update_date": "2024-08-14T13:43:18.994000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple\u00a0Vulnerabilities\u00a0in\u00a0a\u00a0ZTE\u00a0Mobile\u00a0Internet\u00a0Product",
"trust": 0.8,
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764"
},
{
"title": "Patch for ZTE MF971R configuration file control vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/301771"
},
{
"title": "ZTE MF971R LTE router Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167217"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "NVD",
"id": "CVE-2021-21744"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21744"
},
{
"trust": 1.7,
"url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1019764"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101910"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1316"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "VULMON",
"id": "CVE-2021-21744"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
},
{
"db": "NVD",
"id": "CVE-2021-21744"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"db": "VULMON",
"id": "CVE-2021-21744"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
},
{
"db": "NVD",
"id": "CVE-2021-21744"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"date": "2021-10-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21744"
},
{
"date": "2022-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"date": "2021-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1254"
},
{
"date": "2021-10-20T16:15:08.160000",
"db": "NVD",
"id": "CVE-2021-21744"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-92820"
},
{
"date": "2021-10-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21744"
},
{
"date": "2022-09-30T05:49:00",
"db": "JVNDB",
"id": "JVNDB-2021-013973"
},
{
"date": "2021-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1254"
},
{
"date": "2021-10-25T16:14:48.427000",
"db": "NVD",
"id": "CVE-2021-21744"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE\u00a0MF971R\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013973"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1254"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.