CVE-2023-25645

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-25645
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.

7.7 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1031464 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zte:up_t2_4k_firmware:v84511302.1427:*:*:*:*:*:*:*
cpe:2.3:h:zte:up_t2_4k:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0038:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0040:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0045:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0049:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxv10_b866v2-h:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:zte:zxv10_b866v2_firmware:v82811306.3021:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1027:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1028:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1029:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.2012:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0016:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0018:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0019:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxv10_b866v2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0049:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0051:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0053:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0063:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0069:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxv10_b860h_v5d0:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0026:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0031:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0033:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0035:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxv10_b866v2f:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-06-16 19:15

Updated : 2023-06-26 22:19

NVD link : CVE-2023-25645

Mitre link : CVE-2023-25645

CVE.ORG link : CVE-2023-25645

JSON object : View

Products Affected

zte

  • zxv10_b866v2-h_firmware
  • zxv10_b860h_v5d0_firmware
  • zxv10_b866v2f_firmware
  • up_t2_4k
  • up_t2_4k_firmware
  • zxv10_b866v2-h
  • zxv10_b866v2
  • zxv10_b866v2f
  • zxv10_b866v2_firmware
  • zxv10_b860h_v5d0
CWE
CWE-276

Incorrect Default Permissions