|
Original release date: June 17, 2020 CVE ID CVE-2020-6869 CVSS 3.1 Base Score 5.4 Medium(AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L) Description All versions up to 10.06 of ZTEMarket APK are impacted by the information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZTEMarket APK | All versions up to 10.06 | 10.07 |
Credit Thanks to XiaoMi AIoT Security&Privacy Lab and security researcher Li Zhongquan@CytQ for providing security issues to ZTE PSIRT. Update Records June 17, 2020, initial. Supporting team contacts 1. ZTE GCSC hotline: 0755-26770800 800-830-1118 400-830-1118 2. Product forum at ZTE Support website. ZTE PSIRT If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
|