Initial Release Date: July 27, 2023

Vulnerability ID

CVE ID: CVE-2023-25647
CNNVD ID: CNNVD-2023-12863579

CVSS 3.1 Base Score

4.7 Medium (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)

Description

There is a permission and access control vulnerability in ZTE Axon 40 Pro. Due to improper access control, applications on the mobile phone could monitor touch events.

Affected Products and Fixes

Product Name | Affected Version | Resolved Version |
Axon 40 Pro | All versions up to NON_EEA_P870F21V1.0.0B07 | NON_EEA_P870F21V1.0.0B16 |
Nubia Z50 | All versions up to GEN_ZTE_PQ82A01V1.0.0B18MR | GEN_ZTE_PQ82A01V1.0.0B19MR |
Axon 30 | All versions up to GEN_ZTE_P870A01V3.0.0B05 | GEN_ZTE_P870A01V3.0.0B06 |
Axon 40 Ultra | All versions up to GEN_ZTE_P898A01V2.0.0B16 | GEN_ZTE_P898A01V2.0.0B17 |

Acknowledgement

ZTE thanks Yousra Aafer (University of Waterloo) for paying attention to our products and cooperating with us to disclose the vulnerability.

Update Records

July 27, 2023, initial.

Version Update Method

A device that supports automatic updates will receive a pop-up update message; upgrade the device when prompted. If no update message is received, contact your service provider to obtain the update information.

ZTE Mobile Phone Support Center: https://support.ztedevices.com/
ZTE PSIRT: https://www.zte.com.cn/global/cybersecurity/ztepsirt.html