CVE-2021-21729

Severity CVSS v4.0:
Pending analysis
Type:
CWE-330 Use of Insufficiently Random Value
Publication date:
13/04/2021
Last modified:
28/06/2022

Description

Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:zte:zxhn_h168n_firmware:3.5.0_eg1t5_te:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxhn_h168n:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxhn_h108n_firmware:2.5.5_btmt1:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*