PT-2021-14733 · Zte · Zte Smart Stb

Published

2021-01-14

Updated

2022-07-12

CVE-2021-21722

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ZTE Smart STB version V2.1-T V0032.1.1.04 jiangsuTelecom

Description The ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, allowing attackers to obtain sensitive user information for further information detection and attacks.

Recommendations For version V2.1-T V0032.1.1.04 jiangsuTelecom, consider updating to a newer version that fully verifies the log to prevent information leaks. As a temporary workaround, restrict access to sensitive user information to minimize the risk of exploitation.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2021-21722

Affected Products

Zte Smart Stb

PT-2021-14733 · Zte · Zte Smart Stb

CVE-2021-21722

Weakness Enumeration

Related Identifiers

Affected Products

References · 5