CVE-2021-21740
LOW
ZTE ZXHN H2640 Firmware - Information Disclosure via Symbolic Link Traversal
Title source: llmDescription
There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. An attacker could insert a USB disk containing a symbolic link into the residential gateway and access unauthorized directory information through the symbolic link, causing an information leak.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1017244
Scores
CVSS v3
2.4
EPSS
0.0005
EPSS Percentile
15.5%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-59
Status
published
Products (1)
zte/zxhn_h2640_firmware
10.0.0c6_ty
Published
Aug 09, 2021
Tracked Since
Feb 18, 2026