Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-25645

Опубликовано: 16 июн. 2023
Источник: nvd
CVSS3: 7.7
EPSS Низкий

Описание

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:zte:up_t2_4k_firmware:v84511302.1427:*:*:*:*:*:*:*
cpe:2.3:h:zte:up_t2_4k:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0038:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0040:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0045:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0049:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxv10_b866v2-h:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:zte:zxv10_b866v2_firmware:v82811306.3021:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1027:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1028:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1029:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.2012:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0016:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0018:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0019:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxv10_b866v2:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

Одно из

cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0049:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0051:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0053:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0063:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0069:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxv10_b860h_v5d0:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

Одно из

cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0026:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0031:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0033:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0035:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxv10_b866v2f:-:*:*:*:*:*:*:*

EPSS

Процентиль: 10%
0.00034
Низкий

7.7 High

CVSS3

Дефекты

CWE-276
CWE-276

Связанные уязвимости

github логотип

GHSA-h8gg-wpx7-r4g9

CVSS3: 7.7
github
больше 2 лет назад

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.

EPSS

Процентиль: 10%
0.00034
Низкий

7.7 High

CVSS3

Дефекты

CWE-276
CWE-276