CVE-2021-21735

medium

Published 2021-06-10 · Modified 2026-05-26

CVSS v3

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2

4.0

VIR risk

6.5

Description

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@zte.com.cn — https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924
http://seclists.org/fulldisclosure/2026/May/21
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924

CWEs

CWE-281

Verify integrity in audit chain (admin only). AS-IS.