Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-25645
HistoryJun 16, 2023 - 7:15 p.m.

CVE-2023-25645

2023-06-1619:15:14
CWE-276
[email protected]
web.nvd.nist.gov
2
cve-2023-25645
access control
permission settings
non-privileged application
signature permissions
personal data clearance
device operation

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0

Percentile

14.2%

JSON

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user’s device, affecting device operation.

Affected configurations

Nvd
Node
zteup_t2_4k_firmwareMatchv84511302.1427
AND
zteup_t2_4kMatch-
Node
ztezxv10_b866v2-h_firmwareMatchv84711321.0038
OR
ztezxv10_b866v2-h_firmwareMatchv84711321.0040
OR
ztezxv10_b866v2-h_firmwareMatchv84711321.0045
OR
ztezxv10_b866v2-h_firmwareMatchv84711321.0049
AND
ztezxv10_b866v2-hMatch-
Node
ztezxv10_b866v2_firmwareMatchv82811306.3021
OR
ztezxv10_b866v2_firmwareMatchv82815416.1027
OR
ztezxv10_b866v2_firmwareMatchv82815416.1028
OR
ztezxv10_b866v2_firmwareMatchv82815416.1029
OR
ztezxv10_b866v2_firmwareMatchv82815416.2012
OR
ztezxv10_b866v2_firmwareMatchv84711309.0016
OR
ztezxv10_b866v2_firmwareMatchv84711309.0018
OR
ztezxv10_b866v2_firmwareMatchv84711309.0019
AND
ztezxv10_b866v2Match-
Node
ztezxv10_b860h_v5d0_firmwareMatchv83011303.0049
OR
ztezxv10_b860h_v5d0_firmwareMatchv83011303.0051
OR
ztezxv10_b860h_v5d0_firmwareMatchv83011303.0053
OR
ztezxv10_b860h_v5d0_firmwareMatchv83011303.0063
OR
ztezxv10_b860h_v5d0_firmwareMatchv83011303.0069
AND
ztezxv10_b860h_v5d0Match-
Node
ztezxv10_b866v2f_firmwareMatchv86111338.0026
OR
ztezxv10_b866v2f_firmwareMatchv86111338.0031
OR
ztezxv10_b866v2f_firmwareMatchv86111338.0033
OR
ztezxv10_b866v2f_firmwareMatchv86111338.0035
AND
ztezxv10_b866v2fMatch-
VendorProductVersionCPE
zteup_t2_4k_firmwarev84511302.1427cpe:2.3:o:zte:up_t2_4k_firmware:v84511302.1427:*:*:*:*:*:*:*
zteup_t2_4k-cpe:2.3:h:zte:up_t2_4k:-:*:*:*:*:*:*:*
ztezxv10_b866v2-h_firmwarev84711321.0038cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0038:*:*:*:*:*:*:*
ztezxv10_b866v2-h_firmwarev84711321.0040cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0040:*:*:*:*:*:*:*
ztezxv10_b866v2-h_firmwarev84711321.0045cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0045:*:*:*:*:*:*:*
ztezxv10_b866v2-h_firmwarev84711321.0049cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0049:*:*:*:*:*:*:*
ztezxv10_b866v2-h-cpe:2.3:h:zte:zxv10_b866v2-h:-:*:*:*:*:*:*:*
ztezxv10_b866v2_firmwarev82811306.3021cpe:2.3:o:zte:zxv10_b866v2_firmware:v82811306.3021:*:*:*:*:*:*:*
ztezxv10_b866v2_firmwarev82815416.1027cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1027:*:*:*:*:*:*:*
ztezxv10_b866v2_firmwarev82815416.1028cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1028:*:*:*:*:*:*:*
Rows per page:
1-10 of 271

Related

prion 1
cvelist 1
cve 1
prion
prion
Design/Logic Flaw
2023-06-16 19:15:00
cvelist
cvelist
CVE-2023-25645
2023-06-16 00:00:00
cve
cve
CVE-2023-25645
2023-06-16 19:15:14

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0

Percentile

14.2%

JSON
Related for NVD:CVE-2023-25645
prion1cvelist1cve1