Information Leak Vulnerability in A ZTE Product

Original release date:  June 9, 2021
 
 

CVE ID

CVE-2021-21735

 

CVSS 3.1 Base Score

3.5 Low  (AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

 
Description

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication.

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

ZXHN H168N V3.5 Etis

All versions up to V3.5.0_EG1T4_TE

V3.5.0_EG1T10_ETS

 

 

Acknowledgement

ZTE thanks Mina Nageh Salama for paying attention to our products and cooperating with us to disclose vulnerability.

 

Update Records

June 9, 2021, initial.

 

Supporting team contacts

1.  ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2.  Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.