- Description
- There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak.
- Source
- psirt@zte.com.cn
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 2.4
- Impact score
- 1.4
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-59
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxhn_h2640:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B4451A86-1BF1-4B10-9A5A-0D532C9F5F9B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxhn_h2640_firmware:10.0.0c6_ty:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC47AFC2-3F09-43A5-8E36-7C751180CE82"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]