CVE-2023-25645

moderate-risk

Published 2023-06-16

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.

Do I need to act?

-

0.04% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.7/10 High

LOCAL / LOW complexity

Affected Products (20)

Up T2 4K Firmware

Zxv10 B866V2-H Firmware

Zxv10 B866V2-H Firmware

Zxv10 B866V2-H Firmware

Zxv10 B866V2-H Firmware

Zxv10 B866V2 Firmware

Zxv10 B866V2 Firmware

Zxv10 B866V2 Firmware

Zxv10 B866V2 Firmware

Zxv10 B866V2 Firmware

Zxv10 B866V2 Firmware

Zxv10 B866V2 Firmware

Zxv10 B866V2 Firmware

Zxv10 B860H V5D0 Firmware

Zxv10 B860H V5D0 Firmware

Zxv10 B860H V5D0 Firmware

Zxv10 B860H V5D0 Firmware

Zxv10 B860H V5D0 Firmware

Zxv10 B866V2F Firmware

Zxv10 B866V2F Firmware

Affected Vendors

Zte

References (2)

Vendor Advisory https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1031464

Vendor Advisory https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1031464

44

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 20/34 · Moderate