CVE-2021-21735

EPSS 0.15%
Veröffentlicht 10.06.2021 12:15:08
Zuletzt bearbeitet 21.11.2024 05:48:54
Quelle psirt@zte.com.cn
CVE-Watchlists
Login
Unerledigt
Login

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zte ≫ Zxhn H168n Firmware Version <= 3.5.0_eg1t4_te

Zte ≫ Zxhn H168n Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.359

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21735

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21735

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21735

EUVD