Directory Traversal and Access Control Issue in C520V21 Smart Camera by ZTE
CVE-2019-3423

5.3MEDIUM

Key Information:

Vendor: Zte Corporation
Status: C520v21
Vendor: CVE Published:; 18 November 2019

🔔 Create Zte Corporation Vulnerability Alert

What is CVE-2019-3423?

The C520V21 smart camera series from ZTE is susceptible to a permission and access control vulnerability in versions V2.1.14 and earlier. An attacker can exploit this weakness by crafting a malicious URL, allowing them to traverse directories and gain unauthorized access to restricted files or resources, potentially compromising the integrity and confidentiality of the device.

Affected Version(s)

C520V21 All versions up to V2.1.14

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2019
Vulnerability Reserved
Dec 31, 2018