CVE-2021-21736

7.2 HIGH

📋 TL;DR

This vulnerability in ZTE smart cameras allows users whose sharing permissions have been revoked to still control the camera remotely through the cloud app. Attackers can perform actions like restarting the camera or restoring factory settings. This affects ZTE ZXHN HS562 camera models with specific firmware versions.

💻 Affected Systems

Products:
  • ZTE ZXHN HS562 Smart Camera
Versions: V1.0.0.0B2.0000, V1.0.0.0B3.0000E
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects cameras connected to ZTE's cloud service with user sharing features enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker with previously revoked access could factory reset the camera, disable security monitoring, or disrupt surveillance operations.

🟠 Likely Case: Formerly authorized users who should no longer have access can still control camera functions remotely.

🟢 If Mitigated: With proper access control enforcement, only current authorized users can control camera functions.

🌐 Internet-Facing: HIGH - Cloud-connected cameras are internet-facing by design, allowing remote exploitation.
🏢 Internal Only: LOW - The vulnerability is in cloud access control, not local network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires only previously authorized credentials that should have been revoked.

Exploitation requires access credentials from a user who was previously granted sharing permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with ZTE for updated firmware

Vendor Advisory: https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015964

Restart Required: Yes

Instructions:

1. Check ZTE support for firmware updates.
2. Download latest firmware.
3. Apply update through camera management interface.
4. Restart camera.

🔧 Temporary Workarounds

Disable Cloud Sharing

all

Disable all user sharing features in the camera cloud app to prevent exploitation.

Revoke and Re-add Users

all

Completely remove all shared users and re-add only current authorized users.

🧯 If You Can't Patch

  • Disconnect camera from cloud services and use only local network access
  • Implement network segmentation to isolate cameras from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check firmware version in camera web interface or mobile app against affected versions.

Check Version:

Check camera web interface at System > Firmware or similar menu

Verify Fix Applied:

Test if revoked users can still access camera controls after applying firmware update.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts from previously authorized users
  • Factory reset or restart commands from unexpected sources

Network Indicators:

  • Cloud API calls from revoked user accounts
  • Unexpected camera control commands

SIEM Query:

source="camera_logs" AND (event="factory_reset" OR event="restart") AND user_status="revoked"
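
For logs that record sharing changes and control commands as separate events rather than carrying a `user_status` field, the revoked state has to be derived from the event sequence. The following is an added example, not code from the vendor advisory or from ZTE; the JSON record layout and the event names (`share_granted`, `share_revoked`, `restart`, `factory_reset`) are assumptions, and the sample log is constructed.

```python
import json

# Control actions the advisory names as the impact of the flaw.
CONTROL_EVENTS = {"restart", "factory_reset"}

# Constructed sample records; field and event names are assumptions,
# not the real log schema of the ZTE cloud service.
SAMPLE_LOG = """\
{"ts": "2021-04-01T09:00:00Z", "camera": "cam-01", "user": "alice", "event": "share_granted"}
{"ts": "2021-04-01T09:05:00Z", "camera": "cam-01", "user": "alice", "event": "restart"}
{"ts": "2021-04-02T10:00:00Z", "camera": "cam-01", "user": "alice", "event": "share_revoked"}
{"ts": "2021-04-02T10:30:00Z", "camera": "cam-01", "user": "alice", "event": "factory_reset"}
{"ts": "2021-04-02T11:00:00Z", "camera": "cam-02", "user": "alice", "event": "restart"}
{"ts": "2021-04-03T08:00:00Z", "camera": "cam-01", "user": "alice", "event": "share_granted"}
{"ts": "2021-04-03T08:10:00Z", "camera": "cam-01", "user": "alice", "event": "restart"}
not-json garbage line
"""


def find_revoked_control(log_text):
    """Return control events issued by a user after their share on that
    camera was revoked and before it was granted again."""
    records = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the hunt
        if isinstance(rec, dict) and {"ts", "camera", "user", "event"} <= rec.keys():
            records.append(rec)
    # ISO-8601 UTC timestamps in one format sort correctly as strings.
    records.sort(key=lambda r: r["ts"])

    revoked = {}  # (camera, user) -> timestamp of the revocation
    alerts = []
    for rec in records:
        key = (rec["camera"], rec["user"])  # revocation is tracked per camera
        if rec["event"] == "share_revoked":
            revoked[key] = rec["ts"]
        elif rec["event"] == "share_granted":
            revoked.pop(key, None)  # re-granting makes later commands legitimate
        elif rec["event"] in CONTROL_EVENTS and key in revoked:
            alerts.append({**rec, "revoked_at": revoked[key]})
    return alerts

if __name__ == "__main__":
    for alert in find_revoked_control(SAMPLE_LOG):
        print(alert)
```

Each alert carries the original record plus `revoked_at`, so the gap between revocation and the control command is visible during triage.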
