CVE-2021-21736

HIGH Year: 2021
CVSS v3 Score
7.2
High
CVSS v2 Score
8.0
High
Weakness Type
CWE-276
View all →

Vulnerability Description

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E

Related Vulnerabilities

CVE-2018-17860

HIGH
CVSS:7.2(High)

Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.

CWE-2762018

CVE-2018-6683

HIGH
CVSS:7.2(High)

Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP...

CWE-2762018

CVE-2019-16185

HIGH
CVSS:7.2(High)

In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions.

CWE-2762019

CVE-2019-16186

HIGH
CVSS:7.2(High)

In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions.

CWE-2762019

CVE-2021-22311

HIGH
CVSS:7.2(High)

There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow ce...

CWE-2762021

CVE-2021-37289

HIGH
CVSS:7.2(High)

Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.

CWE-2762021