Vulnerability Details : CVE-2021-21735

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.

Published 2021-06-10 12:15:08

Updated 2021-06-17 18:56:28

Source ZTE Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-21735

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 27 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-21735

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2021-21735

CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-21735

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924

Security Bulletin Details
Vendor Advisory

Products affected by CVE-2021-21735

ZTE » Zxhn H168n Firmware
Versions up to, including, (<=) 3.5.0_eg1t4_te
cpe:2.3:o:zte:zxhn_h168n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: ZTE » Zxhn H168n » Version: N/A