Information Leak Vulnerability in A ZTE Product

Initial release date:  March 5, 2021

 

CVE ID

CVE-2021-21725

 

CVSS 3.1 Base Score

4.8 Medium (AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

 

Description

A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak.

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

ZXHN H196Q

V9.1.0C2

V9.1.0C3

 

Source

The vulnerability was found by ZTE's internal test.

 

Update Records

March 5, 2021, initial.

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.

[Close]