CVE-2021-21729 — MEDIUM (6.5)

Vulnerability Description

Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Zte	Zxhn H168N Firmware	3.5.0_eg1t5_te
Zte	Zxhn H168N	-
Zte	Zxhn H108N Firmware	2.5.5_btmt1
Zte	Zxhn H108N	-

Related Weaknesses (CWE)

CWE-330 CWE-352

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904Vendor Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904Vendor Advisory

FAQ

What is CVE-2021-21729?

CVE-2021-21729 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN ...

How severe is CVE-2021-21729?

CVE-2021-21729 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-21729?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxhn H168N Firmware, Zte Zxhn H168N, Zte Zxhn H108N Firmware, Zte Zxhn H108N.