Overview
- Description
- All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation.
- Source
- psirt@zte.com.cn
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zte:ztemarket_apk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25CC12B9-9EC1-43FD-BDA3-4ABB91BA0791",
"versionEndIncluding": "10.06"
}
],
"operator": "OR"
}
]
}
]