Permission And Access Control Vulnerability in A Smart Camera of ZTE

Original release date:  June 9, 2021

 

CVE ID

CVE-2021-21736


CVSS 3.1 Base Score

6.2 MediumAV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

 
Description

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.

 
Affected Products and Fixes

Product Name

Affected Version

Resolved Version

ZXHN HS562

V1.0.0.0B2.0000

V1.0.0.0B3.0000

V1.0.0.2B1_0000

 

 

Acknowledgement

ZTE thanks CNVD for paying attention to our products and cooperating with us to disclose vulnerability.

 

Update Records

June 9, 2021, initial.

 

Supporting team contacts

1.  ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2.  Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.

[Close]