CSRF Vulnerability in Some ZTE Products

Initial release date: April 13, 2021

 

CVE ID

CVE-2021-21729

 

CVSS 3.1 Base Score

6.5 Medium (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

 

Description

Some ZTE products have a CSRF vulnerability. Because some pages do not verify a CSRF random value, attackers could perform illegal authorization operations by constructing messages.

 

 

Affected Products and Fixes

Product Name | Affected Version | Resolved Version
ZXHN H168N V3.5 | V3.5.0_EG1T5_TE | V3.5.0P1N3_TE1
ZXHN H108N V2.5 | V2.5.5_BTMT1 | Alternative product: H168N V3.5

 

 

Acknowledgement

ZTE thanks Morad Abdelrasheed, Zeyad Azima, Ronald Hernández and Mohammed Sami aka Jizen0x01 for paying attention to our products and cooperating with us to disclose the vulnerability.

 

 

Update Records

April 13, 2021, initial.

 

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
