CVE-2021-21735

EUVD-2021-8907
A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
ztezxhn_h168n_firmware
𝑥
≤ 3.5.0_eg1t4_te
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924