CVE-2021-21735 in ZXHN H168N
Summary
by MITRE • 06/10/2021
A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/26/2026
The vulnerability identified as CVE-2021-21735 represents a critical information disclosure flaw within ZTE's ZXHN H168N router firmware versions up to V3.5.0_EG1T4_TE. This vulnerability stems from inadequate access control mechanisms that fail to properly enforce authentication requirements for sensitive administrative interfaces. The flaw specifically manifests through the wizard page functionality, which should typically require elevated privileges or proper authentication before exposing sensitive configuration data to users.
The technical implementation of this vulnerability demonstrates a clear violation of the principle of least privilege as defined by the CWE-284 category, which addresses improper access control issues. Attackers with standard user permissions can exploit this weakness to bypass normal authentication mechanisms and gain unauthorized access to sensitive user information through the web-based administrative interface. The vulnerability exists because the system fails to properly validate user credentials or roles before allowing access to the wizard page, creating an unauthorized information disclosure pathway.
This information leak vulnerability creates significant operational risks for affected deployments, particularly in residential and small business environments where ZTE routers serve as primary network gateways. The exposure of sensitive user information through the wizard page could potentially include network configuration details, user credentials, device identification information, or other data that could facilitate further attacks. The impact extends beyond simple data exposure since this information could be leveraged by attackers to plan more sophisticated attacks or to establish persistent access to the affected network infrastructure.
The exploitation of this vulnerability aligns with ATT&CK technique T1213.002, which covers data from information repositories, as attackers can systematically extract sensitive data without requiring elevated privileges. Organizations should consider this vulnerability in their threat modeling exercises, particularly in environments where physical security controls may be insufficient. The attack surface is particularly concerning given that the affected device is a residential gateway device, which typically lacks robust security controls and may be deployed in environments where security monitoring is minimal.
Mitigation strategies should prioritize immediate firmware updates from ZTE to address the identified access control flaw. Network administrators should also implement additional security controls including network segmentation, access control lists, and monitoring for unauthorized access attempts to administrative interfaces. The vulnerability highlights the importance of proper input validation and access control implementation in network device firmware, as outlined in industry best practices for secure software development. Organizations should also consider implementing network access control measures to prevent unauthorized users from accessing the device's administrative interfaces entirely.