CVE-2021-21732
📋 TL;DR
This vulnerability allows third-party applications on affected ZTE mobile phones to read sensitive files from the proc filesystem without proper authorization due to improper permission settings. Attackers could exploit this to obtain sensitive information from the device. This specifically affects ZTE Axon 11 5G devices with the specified firmware version.
💻 Affected Systems
- ZTE Axon 11 5G
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive system information, process data, or potentially escalate privileges by reading protected proc files containing system state, memory maps, or credential information.
Likely Case
Third-party apps could access information about running processes, system configuration, or other sensitive data that should be restricted, leading to information disclosure.
If Mitigated
With proper access controls, only authorized system components can access sensitive proc files, preventing information leakage to third-party applications.
🎯 Exploit Status
Exploitation requires a malicious app to be installed on the device with basic file read permissions; no special privileges needed beyond what normal apps have.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in available references, but ZTE has published advisories
Vendor Advisory: https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015064
Restart Required: Yes
Instructions:
1. Check for firmware updates in device settings.
2. Apply any available security updates from ZTE.
3. Restart device after update installation.
🔧 Temporary Workarounds
Restrict app installations
Android: Only install apps from trusted sources like Google Play Store and avoid sideloading unknown applications
Review app permissions
Android: Regularly review and restrict unnecessary file access permissions for installed applications
🧯 If You Can't Patch
- Isolate affected devices from accessing sensitive corporate data
- Implement mobile device management (MDM) to control app installations and monitor for suspicious behavior
🔍 How to Verify
Check if Vulnerable:
Check device firmware version in Settings > About Phone > Software Information. Compare with affected version: ZTE/CN_P725A12/P725A12:10/QKQ1.200816.002/20201116.175317:user/release-keys
Check Version:
Not applicable - check through device settings UI
Verify Fix Applied:
Verify firmware version has been updated to a newer version than the vulnerable one listed
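When many devices have to be checked (for example from fingerprints exported by an MDM inventory), the comparison described above can be scripted. The following is an added example, not code from ZTE or from the original page; it assumes the affected version string is a standard Android build fingerprint whose incremental field is a YYYYMMDD.HHMMSS build timestamp, and the fleet entries are constructed sample data.

```python
import re

# Affected version string, copied from "Check if Vulnerable" above.
AFFECTED = "ZTE/CN_P725A12/P725A12:10/QKQ1.200816.002/20201116.175317:user/release-keys"

# Android fingerprint layout: brand/product/device:release/id/incremental:type/tags
_FP = re.compile(
    r"^(?P<brand>[^/]+)/(?P<product>[^/]+)/(?P<device>[^:]+):"
    r"(?P<release>[^/]+)/(?P<build_id>[^/]+)/(?P<incremental>[^:]+):"
    r"(?P<type>[^/]+)/(?P<tags>.+)$"
)

def parse_fingerprint(fp):
    """Split a build fingerprint into named fields, or return None."""
    m = _FP.match(fp.strip())
    return m.groupdict() if m else None

def _stamp(incremental):
    # Assumption: incremental is YYYYMMDD.HHMMSS, as in the affected build.
    m = re.fullmatch(r"(\d{8})\.(\d{6})", incremental)
    return m.group(1) + m.group(2) if m else None

def classify(fp):
    """Classify one fingerprint relative to the affected build."""
    cur, bad = parse_fingerprint(fp), parse_fingerprint(AFFECTED)
    if cur is None:
        return "unparseable"
    if any(cur[k] != bad[k] for k in ("brand", "product", "device")):
        return "other-device"
    a, b = _stamp(cur["incremental"]), _stamp(bad["incremental"])
    if cur["build_id"] == bad["build_id"] and cur["incremental"] == bad["incremental"]:
        return "affected"
    if a is None or a == b:
        return "manual-review"  # timestamps cannot order these builds
    return "newer-build" if a > b else "older-build-unlisted"

# Constructed sample inventory (device label -> reported fingerprint).
FLEET = {
    "phone-01": AFFECTED,
    "phone-02": "ZTE/CN_P725A12/P725A12:10/QKQ1.200816.002/20210305.101500:user/release-keys",
    "phone-03": "ZTE/CN_P725A12/P725A12:10/QKQ1.200816.002/20200901.120000:user/release-keys",
    "phone-04": "ExampleBrand/example_prod/example_dev:11/AAA1.000000.001/123456:user/release-keys",
}

def audit(fleet):
    return {name: classify(fp) for name, fp in fleet.items()}

if __name__ == "__main__":
    print(audit(FLEET))
```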
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns to /proc directory from non-system apps
- Apps requesting unnecessary file permissions
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
Not applicable for typical SIEM systems as this is a mobile device vulnerability