Severity: 7.7
CWE-276

CVE-2023-25645

First published: Fri Jun 16 2023

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, a non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.

Credit: psirt@zte.com.cn

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zte Up T2 4k Firmware | =v84511302.1427 | |
| Zte Up T2 4k | | |
| Zte Zxv10 B866v2-h Firmware | =v84711321.0038 | |
| Zte Zxv10 B866v2-h Firmware | =v84711321.0040 | |
| Zte Zxv10 B866v2-h Firmware | =v84711321.0045 | |
| Zte Zxv10 B866v2-h Firmware | =v84711321.0049 | |
| Zte Zxv10 B866v2-h | | |
| Zte Zxv10 B866v2 Firmware | =v82811306.3021 | |
| Zte Zxv10 B866v2 Firmware | =v82815416.1027 | |
| Zte Zxv10 B866v2 Firmware | =v82815416.1028 | |
| Zte Zxv10 B866v2 Firmware | =v82815416.1029 | |
| Zte Zxv10 B866v2 Firmware | =v82815416.2012 | |
| Zte Zxv10 B866v2 Firmware | =v84711309.0016 | |
| Zte Zxv10 B866v2 Firmware | =v84711309.0018 | |
| Zte Zxv10 B866v2 Firmware | =v84711309.0019 | |
| Zte Zxv10 B866v2 | | |
| Zte Zxv10 B860h V5d0 Firmware | =v83011303.0049 | |
| Zte Zxv10 B860h V5d0 Firmware | =v83011303.0051 | |
| Zte Zxv10 B860h V5d0 Firmware | =v83011303.0053 | |
| Zte Zxv10 B860h V5d0 Firmware | =v83011303.0063 | |
| Zte Zxv10 B860h V5d0 Firmware | =v83011303.0069 | |
| Zte Zxv10 B860h V5d0 | | |
| Zte Zxv10 B866v2f Firmware | =v86111338.0026 | |
| Zte Zxv10 B866v2f Firmware | =v86111338.0031 | |
| Zte Zxv10 B866v2f Firmware | =v86111338.0033 | |
| Zte Zxv10 B866v2f Firmware | =v86111338.0035 | |
| Zte Zxv10 B866v2f | | |

Frequently Asked Questions

  • What is the vulnerability ID of this vulnerability?

    The vulnerability ID of this vulnerability is CVE-2023-25645.

  • What is the severity of CVE-2023-25645?

    The severity of CVE-2023-25645 is high with a severity value of 7.7.

  • What is the affected software of CVE-2023-25645?

    The software affected by CVE-2023-25645 is ZTE Up T2 4k Firmware, ZTE Zxv10 B866v2-h Firmware, ZTE Zxv10 B866v2 Firmware, ZTE Zxv10 B860h V5d0 Firmware, and ZTE Zxv10 B866v2f Firmware.

  • What is the description of CVE-2023-25645?

    CVE-2023-25645 is a permission and access control vulnerability in some ZTE AndroidTV STBs, allowing non-privileged applications to perform protected functions and potentially clear personal data and apps.

  • Is there a fix available for CVE-2023-25645?

    It is recommended to update the affected ZTE firmware versions to the latest versions provided by ZTE to fix CVE-2023-25645.
