CVE-2021-21729
Severity CVSS v4.0:
Pending analysis
Type:
CWE-330
Use of Insufficiently Random Value
Publication date:
13/04/2021
Last modified:
28/06/2022
Description
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:zte:zxhn_h168n_firmware:3.5.0_eg1t5_te:*:*:*:*:*:*:* | ||
cpe:2.3:h:zte:zxhn_h168n:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:zte:zxhn_h108n_firmware:2.5.5_btmt1:*:*:*:*:*:*:* | ||
cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page