|
Initial Release Date: April 13, 2023
Vulnerability ID Vulnerability1: CVE ID: CVE-2022-39071 CNNVD ID: CNNVD-2023-01866558 Vulnerability2: CVE ID: CVE-2022-39074 CNNVD ID: CNNVD-2023-46319420 Vulnerability3: CVE ID: CVE-2022-39075 CNNVD ID: CNNVD-2023-58636815 CVSS 3.1 Base Score Vulnerability1:6.0 Medium (AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H) Vulnerability1:2.5 Low (AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) Vulnerability1:5.3 Medium (AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L) Description Vulnerability 1: There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission. Vulnerability 2: There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission. Vulnerability 3: There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZTE Blade A52 | All versions up to Z6356T_M01 | Z6356T_M02 | ZTE Blade A51 | All versions up to Blade A51_M06 | Blade A51_M07 | ZTE Blade A3 Lite | All versions up to Blade A30_M08 | Blade A30_M09 | ZTE Blade A5 2020 | All versions up to Blade A5 2020-T_M04 | Blade A5 2020-T_M05 | ZTE Blade L210 | All versions up to GEN_MY_L210_V1.13 | GEN_MY_L210_V1.14 | ZTE Blade A7s | All versions up to CLA_GT_A7020_V2.1 | CLA_GT_A7020_V2.2 | ZTE Blade A31 | All versions up to Blade A31_M02 | Blade A31_M03 | ZTE Blade A31 Plus | All versions up to P600_M03 | P600_M04 | ZTE Blade A5 (2019) | All versions up to P650 Pro_M12 | P650 Pro_M13 | ZTE Blade A71 | All versions up to GEN_EU_EEA_A7030_V2.3 | GEN_EU_EEA_A7030_V2.4 | ZTE Blade A72 | All versions up to MyOS11.0.2_A7039_CLA_CO | MyOS11.0.3_A7040_CLA_CO | ZTE Blade V20 Smart | All versions up to TEL_MX_ZTE_8010V1.13 | TEL_MX_ZTE_8010V1.14 | ZTE Blade V30 | All versions up to TEL_MX_ZTE_9030V1.10 | TEL_MX_ZTE_9030V1.11 | ZTE Blade V30 Vita | All versions up to TEL_MX_ZTE_8030V1.10 | TEL_MX_ZTE_8030V1.11 | ZTE V40 Pro | All versions up to MyOS11.0.3_9045_TEL | MyOS11.0.4_9046_TEL | ZTE Blade V40 Vita | All versions up to MyOS11.0.1_8044_CLA_CO | MyOS11.0.2_8045_CLA_CO | ZTE Axon 40 Ultra | All versions up to NON_EEA_P898F01V1.0.0B25 | NON_EEA_P898F01V1.0.0B26 |
Acknowledgement ZTE thanks Ryan Johnson and Mohamed Elsabagh of Quokka for paying attention to our products and cooperating with us to disclose vulnerability. Update Records April 13, 2023, initial. Version Update Method A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information. ZTE Mobile Phone Support Center https://support.ztedevices.com/ ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|