Information Leak Vulnerability in The Message Service App of a ZTE Mobile Phone

Original release date: September 24, 2021

 

CVE ID

CVE-2021-21742

 

CVSS 3.1 Base Score

4.7 Medium (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)

 

Description

There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, an attacker could exploit this vulnerability to obtain some sensitive user information by accessing specific pages.

  

Affected Products and Fixes

Product Name: ZTE Axon 30 Pro Message Service App

Affected Version: 5.3.1.2103091059

Resolved Version: 5.3.2.2107081105

 

Acknowledgement

ZTE thanks Xiaofeng Liu (Shandong University) and Qinsheng Hou (Shandong University & Qi An Xin Group Corp.) for paying attention to our products and cooperating with us to disclose the vulnerability.

 

Update Records

September 24, 2021, initial.

 

Supporting team contacts

1.  ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2.  Product forum at ZTE Support website. 

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.