Security Vulnerability in ZTEMarket APK

Original release date: June 17, 2020

 

CVE ID

CVE-2020-6869

 

CVSS 3.1 Base Score

5.4 Medium

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

  

Description

All versions of ZTEMarket APK up to 10.06 are affected by an information leak vulnerability. Because an Activity component is exposed, this vulnerability can be exploited to obtain the private cookie and perform silent installation.

 

Affected Products and Fixes

Product Name     Affected Version            Resolved Version
ZTEMarket APK    All versions up to 10.06    10.07

 

Credit

Thanks to XiaoMi AIoT Security&Privacy Lab and security researcher Li Zhongquan@CytQ for reporting security issues to ZTE PSIRT.

 

Update Records

June 17, 2020, initial.

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
