CVE ID: CVE-2021-21737 CVSS 3.1 Base Score: 6.8 Medium (AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) Description: - A Smart STB product of ZTE has a permission and access control vulnerability due to insufficient protection of the system application. Attackers can exploit this vulnerability to tamper with the system desktop and affect system customization functions. Affected Products and Fixes: - Product Name: ZXV10 B860H V5.0 - Affected Version: V83011303.0010 and V83011303.0016 - Resolved Version: V83011303.0019 Source: The vulnerability was found by ZTE's internal test. Update Records: June 22, 2021, initial. Supporting team contacts: - ZTE GCSC hotline: 0755-26770800, 800-830-1118, 400-830-1118 - Product forum at ZTE Support website. ZTE PSIRT: Email: psirt@zte.com.cn, PGP key ID: FF095577.