CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
14.2%
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user’s device, affecting device operation.
Vendor | Product | Version | CPE |
---|---|---|---|
zte | up_t2_4k_firmware | v84511302.1427 | cpe:2.3:o:zte:up_t2_4k_firmware:v84511302.1427:*:*:*:*:*:*:* |
zte | up_t2_4k | - | cpe:2.3:h:zte:up_t2_4k:-:*:*:*:*:*:*:* |
zte | zxv10_b866v2-h_firmware | v84711321.0038 | cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0038:*:*:*:*:*:*:* |
zte | zxv10_b866v2-h_firmware | v84711321.0040 | cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0040:*:*:*:*:*:*:* |
zte | zxv10_b866v2-h_firmware | v84711321.0045 | cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0045:*:*:*:*:*:*:* |
zte | zxv10_b866v2-h_firmware | v84711321.0049 | cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0049:*:*:*:*:*:*:* |
zte | zxv10_b866v2-h | - | cpe:2.3:h:zte:zxv10_b866v2-h:-:*:*:*:*:*:*:* |
zte | zxv10_b866v2_firmware | v82811306.3021 | cpe:2.3:o:zte:zxv10_b866v2_firmware:v82811306.3021:*:*:*:*:*:*:* |
zte | zxv10_b866v2_firmware | v82815416.1027 | cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1027:*:*:*:*:*:*:* |
zte | zxv10_b866v2_firmware | v82815416.1028 | cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1028:*:*:*:*:*:*:* |
[
{
"vendor": "n/a",
"product": "UP T2 4K, ZXV10 B866V2-H, ZXV10 B866V2, ZXV10 B860H V5D0, ZXV10 B866V2F",
"versions": [
{
"version": "V84511302.1427,V84711321.0038,V84711321.0040,V84711321.0045,V84711321.0049,V82811306.3021,V84711309.0016,V84711309.0018,V84711309.0019,V82815416.1027,V82815416.1028,V82815416.1029,V82815416.2012,V83011303.0049,V83011303.0051,V83011303.0053,V83011303.0063,V83011303.0069,V86111338.0026,V86111338.0031,V86111338.0033,V86111338.0035",
"status": "affected"
}
]
}
]