CVE-2021-21736

Опубликовано: 10 июн. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 8

EPSS Низкий

Описание

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E

Ссылки

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015964
Vendor Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015964
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:zte:zxhn_hs562_firmware:1.0.0.0b2.0000:*:*:*:*:*:*:*

cpe:2.3:o:zte:zxhn_hs562_firmware:1.0.0.0b3.0000:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxhn_hs562:-:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00326

Низкий

7.2 High

CVSS3

8 High

CVSS2

Дефекты

CWE-276

Связанные уязвимости

GHSA-j56v-m9w9-5r65

github

больше 3 лет назад