PT-2021-14748 · Zte · Zte Zxv10 B860A

Published

2021-06-24

Updated

2021-06-30

CVE-2021-21737

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions ZTE ZXV10 B860H versions V5.0, V83011303.0010, V83011303.0016

Description A smart STB product of ZTE is impacted by a permission and access control issue. Due to insufficient protection of system application, attackers could use this issue to tamper with the system desktop and affect system customization functions.

Recommendations For version V5.0, update the system to ensure proper protection of system applications. For version V83011303.0010, apply configuration changes to restrict access to system customization functions. For version V83011303.0016, restrict access to system desktop to minimize the risk of exploitation.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2021-21737

Affected Products

Zte Zxv10 B860A

PT-2021-14748 · Zte · Zte Zxv10 B860A

CVE-2021-21737

Weakness Enumeration

Related Identifiers

Affected Products

References · 5