Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-21725

A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.

Published

2021-03-05T17:15:14.297

Last Modified

2024-11-21T05:48:53.213

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:P/I:N/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

5.1

Impact Score

2.9

Weaknesses

Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	zxhn_h196q_firmware	9.1.0c2	Yes
Hardware	zte	zxhn_h196q	-	No

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014624 Vendor Advisory ([email protected])
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014624 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)