Description

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.

Related CPE's

o

zte

zxhn_h168n_firmware

Vulnerable

h

zte

zxhn_h168n

-

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924

Vendor Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-281

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-06-10T10:15:08.457Z

4 years ago

Last modified

2024-11-21T04:48:54.387Z

1 year ago