CVE-2021-21736
Last modified
CVE-2021-21736 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. EPSS estimates a 0.88% chance of exploitation in the next 30 days.
Description
A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zte | Zxhn Hs562 Firmware | 1.0.0.0b2.0000 |
| Zte | Zxhn Hs562 Firmware | 1.0.0.0b3.0000 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-21736?
How severe is CVE-2021-21736?
How do I fix CVE-2021-21736?
Are you affected by CVE-2021-21736?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST