Original release date: 15 November 2019

CVE ID
CVE-2019-3423
CVE-2019-3424

CVSS 3.0 Base Score
CVE-2019-3423: 4.4 Medium (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVE-2019-3424: 5.1 Medium (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)

Statement
China National Vulnerability Database (CNVD) reported two vulnerabilities in the C520V21 smart camera to ZTE PSIRT. According to the analysis of the product teams, these two vulnerabilities exist in V2.1.14 and below versions of C520V21 smart camera devices.

CVE-2019-3423: permission and access control vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL that performs directory traversal and access other unauthorized files or resources.

CVE-2019-3424: authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations.

ZTE recommends that users log in to the ZTE smart home website to download the latest version and upgrade the device firmware. The download URL is as follows:
https://www.ztehome.com.cn/support/searchRsltTable.php?id=67

Credit
Thanks to China National Vulnerability Database (CNVD) for reporting the security vulnerabilities to ZTE PSIRT.

Update Records
15 November 2019, initial.

Supporting team contacts
1. ZTE GCSC hotline: 0755-26770800 800-830-1118 400-830-1118
2. Product forum at ZTE Support website.

ZTE PSIRT
If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.