PT-2021-14740 · Zte · Zte Zxhn H168N+1

Published: 2021-04-13 · Updated: 2021-04-21 · CVE-2021-21729

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ZTE ZXHN H168N versions V2.5.5 through V3.5.0 EG1T5 TE
ZTE ZXHN H108N version V2.5.5 BTMT1

Description

The issue arises from the lack of CSRF random value verification on some pages, allowing attackers to perform unauthorized operations by constructing malicious messages. This can lead to illegal authorization.

Recommendations

For ZTE ZXHN H168N versions V2.5.5 through V3.5.0 EG1T5 TE, consider implementing CSRF random value verification to prevent unauthorized operations. For ZTE ZXHN H108N version V2.5.5 BTMT1, consider implementing CSRF random value verification to prevent unauthorized operations. As a temporary workaround, consider restricting access to sensitive pages that lack CSRF protection to minimize the risk of exploitation.

Fix

Use of Insufficiently Random Values

CSRF

Weakness Enumeration

Related Identifiers

CVE-2021-21729

Affected Products

Zte Zxhn H108N
Zte Zxhn H168N