- Description
- A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.
- Source
- psirt@zte.com.cn
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 4.4
- Impact score
- 3.6
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-532
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxv10_b860a_firmware:v2.1-t_v0032.1.1.04_jiangsutelecom:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82FF3FEF-2943-4327-90F6-0C8AA7A63182"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxv10_b860a:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "290044BC-2211-4044-8899-5D4B69C6A881"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]