nvd-json-data-feeds/CVE-2023/CVE-2023-256xx/CVE-2023-25645.json

{
  "id": "CVE-2023-25645",
  "sourceIdentifier": "psirt@zte.com.cn",
  "published": "2023-06-16T19:15:14.527",
  "lastModified": "2023-06-26T22:19:11.390",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:up_t2_4k_firmware:v84511302.1427:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A170ABC-EAA7-40D1-896C-DAD16C8D7260"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:zte:up_t2_4k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF5A786F-6CC1-489B-9F5F-CACE8E330A51"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0038:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D6C7DB-D959-473D-BBA5-B096EDCBE338"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0040:*:*:*:*:*:*:*",
              "matchCriteriaId": "966CA470-382E-4441-AB66-612B7B13BAD8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0045:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E9A54F0-6C6A-4D6D-971F-CCB00EBE0EF0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0049:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0917421-77D0-4570-93EB-20E43BE956FC"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:zte:zxv10_b866v2-h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E91F392B-2958-45B3-917F-5DCEDE09D57A"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82811306.3021:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0CE2F78-3030-4ED6-801E-A0921BFFAE93"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1027:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F181A93-93A7-4866-BA9B-837CBC2EFFF8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1028:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF7CEFFF-CDB8-4BA7-95F7-E131B77B9891"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1029:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E57517D-2A2F-416A-A2A0-BCF8435D6F63"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.2012:*:*:*:*:*:*:*",
              "matchCriteriaId": "85272C45-5AD6-43A4-80E0-78B796940FB4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0016:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5B74E25-442D-486D-98FD-383B2ED3989F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0018:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C15F806-081C-4575-860D-B087D23BD6A8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0019:*:*:*:*:*:*:*",
              "matchCriteriaId": "F374A943-A473-415C-BBDE-DBBEF0E07BF4"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:zte:zxv10_b866v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F37D926-BA5B-4081-97C4-B8B87D90D9BD"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0049:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1243D2-F92D-4C57-9AA0-2AB6B07BA381"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0051:*:*:*:*:*:*:*",
              "matchCriteriaId": "D79ABA22-FCDD-465A-9DB4-599341370D75"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0053:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DAA0753-52FA-4FEA-8388-66D80E17E443"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0063:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5270126-8727-41F0-B7BA-4707A9E955EB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0069:*:*:*:*:*:*:*",
              "matchCriteriaId": "57A8F5A1-C8FA-4AE9-B72C-461E91C01803"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:zte:zxv10_b860h_v5d0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE5EFFC-3198-4449-876D-BF28E5161454"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0026:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FBE4772-CFC5-446A-8145-0A01C6056151"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0031:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC5A0349-1394-4B46-9F86-DE5D761CAED4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0033:*:*:*:*:*:*:*",
              "matchCriteriaId": "28F830CA-2318-420A-9E8B-6B7A8CDFD56B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0035:*:*:*:*:*:*:*",
              "matchCriteriaId": "8175D049-DEFB-4234-9E80-67328E3D3418"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:zte:zxv10_b866v2f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "39271F84-DD7F-4A5B-B907-F7712F31EAAB"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1031464",
      "source": "psirt@zte.com.cn",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
Auto-Update: 2023-06-16T20:00:28.945514+00:00 2023-06-16 20:00:32 +00:00			`{`
			`"id": "CVE-2023-25645",`
			`"sourceIdentifier": "psirt@zte.com.cn",`
			`"published": "2023-06-16T19:15:14.527",`
Auto-Update: 2023-06-26T23:55:25.310449+00:00 2023-06-26 23:55:28 +00:00			`"lastModified": "2023-06-26T22:19:11.390",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2023-06-16T20:00:28.945514+00:00 2023-06-16 20:00:32 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation."`
			`}`
			`],`
Auto-Update: 2023-06-26T23:55:25.310449+00:00 2023-06-26 23:55:28 +00:00			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.7,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 2.5,`
			`"impactScore": 5.2`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-276"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:up_t2_4k_firmware:v84511302.1427:::::::*",`
			`"matchCriteriaId": "7A170ABC-EAA7-40D1-896C-DAD16C8D7260"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:zte:up_t2_4k:-:::::::*",`
			`"matchCriteriaId": "FF5A786F-6CC1-489B-9F5F-CACE8E330A51"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0038:::::::*",`
			`"matchCriteriaId": "23D6C7DB-D959-473D-BBA5-B096EDCBE338"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0040:::::::*",`
			`"matchCriteriaId": "966CA470-382E-4441-AB66-612B7B13BAD8"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0045:::::::*",`
			`"matchCriteriaId": "3E9A54F0-6C6A-4D6D-971F-CCB00EBE0EF0"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0049:::::::*",`
			`"matchCriteriaId": "F0917421-77D0-4570-93EB-20E43BE956FC"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:zte:zxv10_b866v2-h:-:::::::*",`
			`"matchCriteriaId": "E91F392B-2958-45B3-917F-5DCEDE09D57A"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82811306.3021:::::::*",`
			`"matchCriteriaId": "B0CE2F78-3030-4ED6-801E-A0921BFFAE93"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1027:::::::*",`
			`"matchCriteriaId": "2F181A93-93A7-4866-BA9B-837CBC2EFFF8"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1028:::::::*",`
			`"matchCriteriaId": "CF7CEFFF-CDB8-4BA7-95F7-E131B77B9891"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1029:::::::*",`
			`"matchCriteriaId": "1E57517D-2A2F-416A-A2A0-BCF8435D6F63"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.2012:::::::*",`
			`"matchCriteriaId": "85272C45-5AD6-43A4-80E0-78B796940FB4"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0016:::::::*",`
			`"matchCriteriaId": "D5B74E25-442D-486D-98FD-383B2ED3989F"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0018:::::::*",`
			`"matchCriteriaId": "9C15F806-081C-4575-860D-B087D23BD6A8"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2_firmware:v84711309.0019:::::::*",`
			`"matchCriteriaId": "F374A943-A473-415C-BBDE-DBBEF0E07BF4"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:zte:zxv10_b866v2:-:::::::*",`
			`"matchCriteriaId": "1F37D926-BA5B-4081-97C4-B8B87D90D9BD"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0049:::::::*",`
			`"matchCriteriaId": "AA1243D2-F92D-4C57-9AA0-2AB6B07BA381"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0051:::::::*",`
			`"matchCriteriaId": "D79ABA22-FCDD-465A-9DB4-599341370D75"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0053:::::::*",`
			`"matchCriteriaId": "6DAA0753-52FA-4FEA-8388-66D80E17E443"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0063:::::::*",`
			`"matchCriteriaId": "B5270126-8727-41F0-B7BA-4707A9E955EB"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b860h_v5d0_firmware:v83011303.0069:::::::*",`
			`"matchCriteriaId": "57A8F5A1-C8FA-4AE9-B72C-461E91C01803"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:zte:zxv10_b860h_v5d0:-:::::::*",`
			`"matchCriteriaId": "1FE5EFFC-3198-4449-876D-BF28E5161454"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0026:::::::*",`
			`"matchCriteriaId": "8FBE4772-CFC5-446A-8145-0A01C6056151"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0031:::::::*",`
			`"matchCriteriaId": "AC5A0349-1394-4B46-9F86-DE5D761CAED4"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0033:::::::*",`
			`"matchCriteriaId": "28F830CA-2318-420A-9E8B-6B7A8CDFD56B"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:zte:zxv10_b866v2f_firmware:v86111338.0035:::::::*",`
			`"matchCriteriaId": "8175D049-DEFB-4234-9E80-67328E3D3418"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:zte:zxv10_b866v2f:-:::::::*",`
			`"matchCriteriaId": "39271F84-DD7F-4A5B-B907-F7712F31EAAB"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-06-16T20:00:28.945514+00:00 2023-06-16 20:00:32 +00:00			`"references": [`
			`{`
			`"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1031464",`
Auto-Update: 2023-06-26T23:55:25.310449+00:00 2023-06-26 23:55:28 +00:00			`"source": "psirt@zte.com.cn",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-06-16T20:00:28.945514+00:00 2023-06-16 20:00:32 +00:00			`}`
			`]`
			`}`