CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
14.2%
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user’s device, affecting device operation.
Vendor | Product | Version | CPE |
---|---|---|---|
zte | up_t2_4k_firmware | v84511302.1427 | cpe:2.3:o:zte:up_t2_4k_firmware:v84511302.1427:*:*:*:*:*:*:* |
zte | up_t2_4k | - | cpe:2.3:h:zte:up_t2_4k:-:*:*:*:*:*:*:* |
zte | zxv10_b866v2-h_firmware | v84711321.0038 | cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0038:*:*:*:*:*:*:* |
zte | zxv10_b866v2-h_firmware | v84711321.0040 | cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0040:*:*:*:*:*:*:* |
zte | zxv10_b866v2-h_firmware | v84711321.0045 | cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0045:*:*:*:*:*:*:* |
zte | zxv10_b866v2-h_firmware | v84711321.0049 | cpe:2.3:o:zte:zxv10_b866v2-h_firmware:v84711321.0049:*:*:*:*:*:*:* |
zte | zxv10_b866v2-h | - | cpe:2.3:h:zte:zxv10_b866v2-h:-:*:*:*:*:*:*:* |
zte | zxv10_b866v2_firmware | v82811306.3021 | cpe:2.3:o:zte:zxv10_b866v2_firmware:v82811306.3021:*:*:*:*:*:*:* |
zte | zxv10_b866v2_firmware | v82815416.1027 | cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1027:*:*:*:*:*:*:* |
zte | zxv10_b866v2_firmware | v82815416.1028 | cpe:2.3:o:zte:zxv10_b866v2_firmware:v82815416.1028:*:*:*:*:*:*:* |