Description

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.

Related CPE's

o

zte

zxhn_h168n_firmware

Vulnerable

h

zte

zxhn_h168n

-

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-281

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-06-10T12:15:08.457

4 years ago

Last modified

2021-06-17T18:56:27.863

4 years ago