Input Validation Vulnerability in ZTE Smart STB

Original release date: 30 July 2019  

 

CVE ID

CVE-2019-3416

 

CVSS 3.0 Base Score

8.1 High (AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

 

Description

All versions up to V81511329.1008 of ZTE ZXV10 B860A product are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system. 

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

ZXV10 B860A

All versions up to V81511329.1008

V81511329.1009_20190315

 

Credit

ZTE thanks Yang Zhi for submitting this vulnerabiliy of ZXV10 B860 to ZTE PSIRT.

 

 

Update Records

30 July 2019, initial.

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to feedback or report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.

[Close]