CVE-2021-21725
MEDIUMZTE ZXHN H196Q V9.1.0C2 - Authenticated Directory Traversal and Information Disclosure
Title source: llmDescription
A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014624
Scores
CVSS v3
5.7
EPSS
0.0008
EPSS Percentile
22.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-863
Status
published
Products (1)
zte/zxhn_h196q_firmware
9.1.0c2
Published
Mar 05, 2021
Tracked Since
Feb 18, 2026