Vulnerabilities > CVE-2021-21735 - Improper Preservation of Permissions vulnerability in ZTE Zxhn H168N Firmware

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

zte

CWE-281

NVD

Published: 2021-06-10

Updated: 2021-06-17

Summary

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.

Vulnerable Configurations

Part	Description	Count
OS	Zte ZTE Zxhn H168N Firmware 2.2.0_Pk1.2T2 ZTE Zxhn H168N Firmware 2.2.0_Pk1.2T5 ZTE Zxhn H168N Firmware 2.2.0_Pk11T ZTE Zxhn H168N Firmware 2.2.0_Pk11T7	4
Hardware	Zte ZTE Zxhn H168N -	1

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924