CVE-2021-21735

6.5 MEDIUM

A ZTE product has an information leak vulnerability

Published: 2021-06-10 · Last updated: 2026-05-26

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-281

Affected products

Vendor	Product
zte	zxhn_h168n_firmware

Description

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-21735
[Vendor advisory]https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924
[Other]http://seclists.org/fulldisclosure/2026/May/21
[Vendor advisory]https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924

Related CVEs

Same vendor

CVE-2026-44409 — There is an an information disclosure vulnerability in ZTE MU5250 (5.7 MEDIUM)
CVE-2026-34472 — Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated at... (7.1 HIGH)

Same CWE

CVE-2026-40767 — Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions (7.5 HIGH)
CVE-2024-47270 — Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 an... (2.7 LOW)
CVE-2026-44832 — Snipe-IT is an IT asset/license management system (8.8 HIGH)
CVE-2026-24194 — NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission han... (7.8 HIGH)
CVE-2026-34744 — Mantis Bug Tracker (MantisBT) is an open source issue tracker