Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro

Original Release Date: January 4 2024

 

Vulnerability ID

CVE ID: CVE-2023-41784            CNNVD ID: CNNVD-2024-72942896

 

CVSS 3.1 Base Score

6.6 Medium (AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L)

 

Description

There is a permissions privileges and access control vulnerability in ZTE Red Magic products. Due to improper access control,when the vulnerability exploited by attackerssome applications may have unauthorized access to related directories.

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

Red Magic 8 Pro

GEN_CN_NX729JV1.0.0B21MR

GEN_CN_NX729JV1.0.0B22MR2

 

Acknowledgement

ZTE thanks BuddyTyrannosaurus for paying attention to our products and cooperating with us to disclose vulnerability.

 

Update Records

January 4 2024, initial.

 

 Version Update Method

Affected users can upgrade the version through the Settings app.

 

Global Customer Support Center

https://support.ztedevices.com/

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html

[Close]