CVE-2023-25645: There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application...

0.0 CVSS

Description

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.

Classification

CVE ID: CVE-2023-25645

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: n/a

Product: UP T2 4K, ZXV10 B866V2-H, ZXV10 B866V2, ZXV10 B860H V5D0, ZXV10 B866V2F

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 22.79% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1031464

Timeline

2024-12-13 00:30:22 UTC
CVE

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application...