CVE-2021-21736 Information

Description

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app users whose sharing permissions have been revoked can still control the camera such as restarting the camera restoring factory settings etc.. This affects ZXHN HS562 V1.0.0.0B2.0000 V1.0.0.0B3.0000E

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015964

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.2