Vulnerability Details : CVE-2023-25645
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.
Products affected by CVE-2023-25645
- cpe:2.3:o:zte:up_t2_4k_firmware:v84511302.1427:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0038:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0040:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0045:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0049:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2_firmware:v82811306.3021:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1027:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1028:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1029:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.2012:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0016:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0018:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0019:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0049:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0051:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0053:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0063:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0069:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0026:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0031:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0033:*:*:*:*:*:*:*
- cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0035:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-25645
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 7 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-25645
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.7
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
2.5
|
5.2
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-12-12 |
|
7.7
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
2.5
|
5.2
|
NIST |
CWE ids for CVE-2023-25645
-
During installation, installed file permissions are set to allow anyone to modify those files.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-25645
-
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1031464
Security Bulletin DetailsVendor Advisory
Jump to