|
Original release date: June 9, 2021 CVE ID CVE-2021-21736
CVSS 3.1 Base Score 6.2 Medium(AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L) Description A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZXHN HS562 | V1.0.0.0B2.0000 V1.0.0.0B3.0000 | V1.0.0.2B1_0000 |
Acknowledgement ZTE thanks CNVD for paying attention to our products and cooperating with us to disclose vulnerability. Update Records June 9, 2021, initial. Supporting team contacts 1. ZTE GCSC hotline: 0755-26770800 800-830-1118 400-830-1118 2. Product forum at ZTE Support website. ZTE PSIRT If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
|