CVE-2023-25645

Published: Jun 16, 2023Modified: Dec 12, 2024

7.7

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.5 / Impact: 5.2

Source: NVD

Description

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.

Affected (22)

Products: Zte: Up T2 4k Firmware, Zxv10 B866v2 H Firmware, Zxv10 B866v2 Firmware, Zxv10 B860h V5d0 Firmware, Zxv10 B866v2f Firmware

Zte

5 products

Up T2 4k Firmware

Zxv10 B866v2 H Firmware

Zxv10 B866v2 Firmware

Zxv10 B860h V5d0 Firmware

Zxv10 B866v2f Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Up T2 4k Firmware	Version v84511302.1427

Running on/with	Platform Versions
Zte Up T2 4k	All versions

Configuration B

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxv10 B866v2 H Firmware	Version v84711321.0038
Zte Zxv10 B866v2 H Firmware	Version v84711321.0040
Zte Zxv10 B866v2 H Firmware	Version v84711321.0045
Zte Zxv10 B866v2 H Firmware	Version v84711321.0049

Running on/with	Platform Versions
Zte Zxv10 B866v2 H	All versions

Configuration C

8 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxv10 B866v2 Firmware	Version v82811306.3021
Zte Zxv10 B866v2 Firmware	Version v82815416.1027
Zte Zxv10 B866v2 Firmware	Version v82815416.1028
Zte Zxv10 B866v2 Firmware	Version v82815416.1029
Zte Zxv10 B866v2 Firmware	Version v82815416.2012
Zte Zxv10 B866v2 Firmware	Version v84711309.0016
Zte Zxv10 B866v2 Firmware	Version v84711309.0018
Zte Zxv10 B866v2 Firmware	Version v84711309.0019

Running on/with	Platform Versions
Zte Zxv10 B866v2	All versions

Configuration D

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxv10 B860h V5d0 Firmware	Version v83011303.0049
Zte Zxv10 B860h V5d0 Firmware	Version v83011303.0051
Zte Zxv10 B860h V5d0 Firmware	Version v83011303.0053
Zte Zxv10 B860h V5d0 Firmware	Version v83011303.0063
Zte Zxv10 B860h V5d0 Firmware	Version v83011303.0069

Running on/with	Platform Versions
Zte Zxv10 B860h V5d0	All versions

Configuration E

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxv10 B866v2f Firmware	Version v86111338.0026
Zte Zxv10 B866v2f Firmware	Version v86111338.0031
Zte Zxv10 B866v2f Firmware	Version v86111338.0033
Zte Zxv10 B866v2f Firmware	Version v86111338.0035

Running on/with	Platform Versions
Zte Zxv10 B866v2f	All versions

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1031464

Source: psirt@zte.com.cn

Vendor Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1031464

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.