CVE-2023-41780

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the  program  failed to adequately validate the user's input, an attacker could exploit this vulnerability  to escalate local privileges.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*

History

09 Jan 2024, 20:00

Type Values Removed Values Added
First Time Zte zxcloud Irai Firmware
Zte
Zte zxcloud Irai
References () https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 - () https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 - Broken Link, Vendor Advisory
CWE CWE-427
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*

03 Jan 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-03 02:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-41780

Mitre link : CVE-2023-41780

CVE.ORG link : CVE-2023-41780


JSON object : View

Products Affected

zte

  • zxcloud_irai_firmware
  • zxcloud_irai
CWE
CWE-427

Uncontrolled Search Path Element

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')