First published: Tue Apr 13 2021(Updated: )
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1
Credit: psirt@zte.com.cn
Affected Software | Affected Version | How to fix |
---|---|---|
Zte Zxhn H168n Firmware | =3.5.0_eg1t5_te | |
ZTE ZXHN H168N | ||
Zte Zxhn H108n Firmware | =2.5.5_btmt1 | |
ZTE ZXHN H108N |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this CSRF vulnerability in ZTE products is CVE-2021-21729.
The severity of CVE-2021-21729 is medium with a CVSS score of 6.5.
ZXHN H168N V3.5.0_EG1T5_TE and ZXHN H108N V2.5.5_BTMT1 are affected by CVE-2021-21729.
Attackers could perform illegal authorization operations by constructing messages due to the CSRF vulnerability in ZTE products.
Please refer to the ZTE support website for information on fixes for CVE-2021-21729.