ID

VAR-202106-0821


CVE

CVE-2021-21735


TITLE

ZXHN H168N Vulnerability regarding improper retention of permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2021-007929

DESCRIPTION

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. ZXHN H168N contains a vulnerability related to improper retention of permissions. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2021-21735 // JVNDB: JVNDB-2021-007929

AFFECTED PRODUCTS

vendor: zte, model: zxhn h168n, scope: lte, version: 3.5.0_eg1t4_te

Trust: 1.0

vendor: zte, model: zxhn h168n, scope: eq, version: -

Trust: 0.8

vendor: zte, model: zxhn h168n, scope: lte, version: zxhn h168n firmware 3.5.0_eg1t4_te until

Trust: 0.8

sources: JVNDB: JVNDB-2021-007929 // NVD: CVE-2021-21735

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-21735
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-21735
value: MEDIUM

Trust: 0.8

CVSSV2

nvd@nist.gov: CVE-2021-21735
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2021-21735
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-21735
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-007929 // NVD: CVE-2021-21735

PROBLEMTYPE DATA

problemtype: CWE-281

Trust: 1.0

problemtype: Improper retention of permissions (CWE-281) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007929 // NVD: CVE-2021-21735

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202106-790

PATCH

title: Information Leak Vulnerability in A ZTE Product
url: https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924

Trust: 0.8

title: ZTE ZXHN H168N Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153798

Trust: 0.6

sources: JVNDB: JVNDB-2021-007929 // CNNVD: CNNVD-202106-790

EXTERNAL IDS

db: NVD, id: CVE-2021-21735

Trust: 3.2

db: ZTE, id: 1015924

Trust: 1.6

db: JVNDB, id: JVNDB-2021-007929

Trust: 0.8

db: CNNVD, id: CNNVD-202106-790

Trust: 0.6

sources: JVNDB: JVNDB-2021-007929 // CNNVD: CNNVD-202106-790 // NVD: CVE-2021-21735

REFERENCES

url: https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1015924

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-21735

Trust: 0.8

sources: JVNDB: JVNDB-2021-007929 // CNNVD: CNNVD-202106-790 // NVD: CVE-2021-21735

SOURCES

db: JVNDB, id: JVNDB-2021-007929
db: CNNVD, id: CNNVD-202106-790
db: NVD, id: CVE-2021-21735

LAST UPDATE DATE

2024-08-14T13:43:31.821000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-007929, date: 2022-02-28T05:49:00
db: CNNVD, id: CNNVD-202106-790, date: 2021-06-11T00:00:00
db: NVD, id: CVE-2021-21735, date: 2021-06-17T18:56:27.863

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-007929, date: 2022-02-28T00:00:00
db: CNNVD, id: CNNVD-202106-790, date: 2021-06-10T00:00:00
db: NVD, id: CVE-2021-21735, date: 2021-06-10T12:15:08.457