Permission and Access Control Vulnerability in ZTE AndroidTV Set-Top Boxes
CVE-2023-25645

7.7HIGH

Key Information:

Vendor: Zte
Status: Up T2 4k, Zxv10 B866v2-h, Zxv10 B866v2, Zxv10 B860h V5d0, Zxv10 B866v2f
Vendor: CVE Published:; 16 June 2023

What is CVE-2023-25645?

A vulnerability exists in ZTE's AndroidTV Set-Top Boxes caused by improper permission settings, allowing non-privileged applications to execute functions that should only be accessible to privileged apps. This flaw could lead to unauthorized access and the potential clearing of personal data and applications, thereby disrupting normal device functionality and compromising user information.

Affected Version(s)

UP T2 4K, ZXV10 B866V2-H, ZXV10 B866V2, ZXV10 B860H V5D0, ZXV10 B866V2F V84511302.1427,V84711321.0038,V84711321.0040,V84711321.0045,V84711321.0049,V82811306.3021,V84711309.0016,V84711309.0018,V84711309.0019,V82815416.1027,V82815416.1028,V82815416.1029,V82815416.2012,V83011303.0049,V83011303.0051,V83011303.0053,V83011303.0063,V83011303.0069,V86111338.0026,V86111338.0031,V86111338.0033,V86111338.0035

References

https://support.zte.com.cn/support/news/LoopholeInfoDetai...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2023
Vulnerability Reserved
Feb 9, 2023

Zte

What is CVE-2023-25645?

Affected Version(s)

References

CVSS V3.1

Timeline