CVE Vulnerability

CVE-2021-21736

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E

8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 8.5

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact COMPLETE

Scope

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015964 Vendor Advisory
Configurations

Configuration 1
Information

Published : 2021-06-10 12:15

Updated : 2021-06-17 07:21

NVD link : CVE-2021-21736

Mitre link : CVE-2021-21736

Products Affected
No products.
CWE
CWE-276

Incorrect Default Permissions