PT-2021-14747 · ZTE · ZXHN HS562
Published: 2021-06-10 · Updated: 2021-06-17 · CVE-2021-21736
CVSS v2.0: 8.0 (High)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions
ZXHN HS562 versions V1.0.0.0B2.0000 through V1.0.0.0B3.0000E
Description
A permission and access control issue affects a smart camera product of ZTE. The cloud-end app has a defect in user permission management, allowing users whose sharing permissions have been revoked to still control the camera. This includes actions such as restarting the camera and restoring factory settings.
Recommendations
For versions V1.0.0.0B2.0000 and V1.0.0.0B3.0000E, consider restricting access to the camera's control features until a patch is available.
As a temporary workaround, disable the ability to restart the camera and restore factory settings remotely for users whose sharing permissions have been revoked.
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
ZXHN HS562