CVE-2023-25647
4.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ZTE | Some ZTE Mobile Phones | NON_EEA_P870F21V1.0.0B01 <= V1.0.0B07 | affected |
| ZTE | Some ZTE Mobile Phones | GEN_ZTE_PQ82A01V1.0.0B01MR <= V1.0.0B18MR | affected |
| ZTE | Some ZTE Mobile Phones | GEN_ZTE_P870A01V3.0.0B01 <= V3.0.0B05 | affected |
| ZTE | Some ZTE Mobile Phones | GEN_ZTE_P898A01V2.0.0B01 <= V2.0.0B16 | affected |
Weaknesses
- CWE-269: CWE-269 Improper Privilege Management
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.