Vulnerabilities > CVE-2021-21725 - Incorrect Authorization vulnerability in ZTE Zxhn H196Q Firmware 9.1.0C2

CVSS 2.7 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

low complexity

zte

CWE-863

NVD

Published: 2021-03-05

Updated: 2021-03-12

Summary

A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.

Vulnerable Configurations

Part	Description	Count
OS	Zte ZTE Zxhn H196Q Firmware 9.1.0C2	1
Hardware	Zte ZTE Zxhn H196Q -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014624