CVE ID: CVE-2021-21732 CVSS 3.1 Base Score: 4.7 Medium (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) Description: Improper Access Control Vulnerability in A Mobile Phone of ZTE. Due to improper permission settings, third-party applications can read some files in the proc file system without authorization. Attackers could exploit this vulnerability to obtain sensitive information. Affected Products and Fixes: - Product Name: Axon 11 5G - Affected Version: ZTE/CN_P725A12/P725A12:10/QKQ1.200816.002/20201116.175317:user/release-keys - Resolved Version: All versions released after 2021.5.1 have fixed the vulnerability. Acknowledgement: ZTE thanks Qing Zhang of WuHeng Lab of ByteDance for paying attention to our products and cooperating with us to disclose vulnerability. Update Records: April 30, 2021, initial.