CVE-2021-21735

MEDIUM

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.

CVSS v3.1 Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Complexity

LOW

Privileges

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Published: 6/10/2021Modified: 5/26/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (3)

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924Vendor Advisory http://seclists.org/fulldisclosure/2026/May/21 https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924Vendor Advisory