Initial Release Date: February 17, 2023

Vulnerability ID

CVE ID: CVE-2022-23140
CNNVD ID: CNNVD-2022-25909585

CVSS 3.1 Base Score

5.0 Medium (AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L)

Description

There is a broken access control vulnerability in some ZTE mobile phones. Because permissions are set improperly after adb is connected to a mobile phone, an attacker with user permission could exploit this vulnerability to exceed their authorized privileges when using the phone.

Affected Products and Fixes

| Product Name | Affected Version | Resolved Version |
| --- | --- | --- |
| Yuanhang 10 | All versions up to GEN_CBN_P633S07V1.0.0B33 | GEN_CBN_P633S07V1.0.0B34 |
| Yuanhang 30 | All versions up to UNI_CN_P633S08V1.0.0B19 | UNI_CN_P633S08V1.0.0B20 |

Acknowledgement

ZTE thanks Li Zhongquan @ADLab of VenusTech for paying attention to our products and cooperating with us to disclose vulnerabilities.

Update Records

February 17, 2023, initial.

Version Update Method

A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information.

ZTE Mobile Phone Support Center
https://support.ztedevices.com/

ZTE PSIRT
https://www.zte.com.cn/global/cybersecurity/ztepsirt.html