|
Original Release Date: June 15 2023 Vulnerability ID CVE ID: CVE-2023-25645 CNNVD ID: CNNVD-2023-74643909 CVSS 3.1 Base Score 6.8 Medium(AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H) Description There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation. Affected Products and Fixes Product Name | Affected Version | Resolved Version | UP T2 4K | V84511302.1427 | V84511302.2014 | ZXV10 B866V2-H | V84711321.0038 V84711321.0040 V84711321.0045 V84711321.0049 | V84711321.0055 | ZXV10 B866V2 | V82811306.3021 | V82811306.3102 | V84711309.0016 V84711309.0018 V84711309.0019 | V84711309.1009 | V82815416.1027 V82815416.1028 V82815416.1029 V82815416.2012 | V82815416.2018 | ZXV10 B860H V5D0 | V83011303.0049 V83011303.0051 V83011303.0053 V83011303.0063 V83011303.0069 | V83011303.0077 | ZXV10 B866V2F | V86111338.0026 V86111338.0031 V86111338.0033 V86111338.0035 | V86111338.0037 |
Acknowledgement ZTE thanks Google for paying attention to our products and cooperating with us to disclose vulnerability. Update Records June 15 2023, initial. Version Update Method STBs that support automatic update will automatically upgrade after being powered on and connected to the network. Users can also turn on the STB and upgrade manually by selecting Settings > Device Preference > About > System update. Global Customer Support Center http://support.zte.com.cn/support/web/Contact.aspx?_langType=en ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|