CVE-2020-6869

EUVD-2020-28011
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
zteztemarket_apk
𝑥
≤ 10.06
𝑥
= Vulnerable software versions
References
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013022
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013022