CVE-2023-25647

Summary

There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.

Affected Software

VendorProductVersion RangeStatus
ZTESome ZTE Mobile PhonesNON_EEA_P870F21V1.0.0B01 <= V1.0.0B07affected
ZTESome ZTE Mobile PhonesGEN_ZTE_PQ82A01V1.0.0B01MR <= V1.0.0B18MRaffected
ZTESome ZTE Mobile PhonesGEN_ZTE_P870A01V3.0.0B01 <= V3.0.0B05affected
ZTESome ZTE Mobile PhonesGEN_ZTE_P898A01V2.0.0B01 <= V2.0.0B16affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References