There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.
References
| Link | Resource |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032264 | Vendor Advisory |
| https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032264 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
History
21 Nov 2024, 07:49
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
| References | () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032264 - Vendor Advisory |
24 Aug 2023, 16:20
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-863 | |
| First Time |
Zte axon 40 Ultra
Zte axon 30 Firmware Zte axon 40 Pro Firmware Zte axon 40 Ultra Firmware Zte axon 30 Zte axon 40 Pro Zte nubia Z50 Firmware Zte nubia Z50 Zte |
|
| References | (MISC) https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032264 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.3 |
| CPE | cpe:2.3:h:zte:axon_30:-:*:*:*:*:*:*:* cpe:2.3:h:zte:axon_40_pro:-:*:*:*:*:*:*:* cpe:2.3:o:zte:nubia_z50_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zte:nubia_z50:-:*:*:*:*:*:*:* cpe:2.3:o:zte:axon_40_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zte:axon_40_ultra:-:*:*:*:*:*:*:* cpe:2.3:o:zte:axon_30_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:* |
17 Aug 2023, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-17 03:15
Updated : 2024-11-21 07:49
NVD link : CVE-2023-25647
Mitre link : CVE-2023-25647
CVE.ORG link : CVE-2023-25647
JSON object : View
Products Affected
zte
- axon_40_pro_firmware
- axon_40_ultra_firmware
- axon_30_firmware
- axon_30
- axon_40_ultra
- axon_40_pro
- nubia_z50
- nubia_z50_firmware