{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25645", "ASSIGNER": "psirt@zte.com.cn", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "n/a", "product": { "product_data": [ { "product_name": "UP T2 4K, ZXV10 B866V2-H, ZXV10 B866V2, ZXV10 B860H V5D0, ZXV10 B866V2F", "version": { "version_data": [ { "version_value": "V84511302.1427,V84711321.0038,V84711321.0040,V84711321.0045,V84711321.0049,V82811306.3021,V84711309.0016,V84711309.0018,V84711309.0019,V82815416.1027,V82815416.1028,V82815416.1029,V82815416.2012,V83011303.0049,V83011303.0051,V83011303.0053,V83011303.0063,V83011303.0069,V86111338.0026,V86111338.0031,V86111338.0033,V86111338.0035" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "permission and access control" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1031464", "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1031464" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation." } ] } }