Improper Access Control Vulnerability in A ZTE Product

Initial release date:  April 13, 2021

 

CVE ID

CVE-2021-21730

 

CVSS 3.1 Base Score

6.2  Medium(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

 

Description

A ZTE product is impacted by improper access control vulnerability. The attacker could exploit  this vulnerability to access CLI by brute force attacks.

 

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

ZXHN H168N V3.5

V3.5.0_TY.T6

V3.5.0P1N3_TE1

 

 

Acknowledgement

ZTE thanks Morad Abdelrasheed and Zeyad Azima for paying attention to our products and cooperating with us to disclose vulnerability.

 

Update Records

April 13, 2021, initial.

 

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.