CVE-2021-21729

Published: Apr 13, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1

Affected (2)

Products: Zte: Zxhn H168n Firmware, Zxhn H108n Firmware

2 products

Zxhn H168n Firmware

Zxhn H108n Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxhn H168n Firmware	Version 3.5.0_eg1t5_te

Running on/with	Platform Versions
Zte Zxhn H168n	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxhn H108n Firmware	Version 2.5.5_btmt1

Running on/with	Platform Versions
Zte Zxhn H108n	All versions

Related CWEs

Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904

Source: psirt@zte.com.cn

Vendor Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014904

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.