Vulnerabilites related to ZTE - ZXCLOUD iRAI
CVE-2023-41776 (GCVE-0-2023-41776)
Vulnerability from cvelistv5
Published
2024-01-03 01:56
Modified
2025-06-16 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZXCLOUD iRAI |
Version: All versions up to 7.23.31 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:47.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T18:14:57.667679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T18:15:21.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ZXCLOUD iRAI",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "7.23.31",
"status": "affected",
"version": "All versions up to 7.23.31",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a local privilege escalation vulnerability of ZTE\u0027s ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "There is a local privilege escalation vulnerability of ZTE\u0027s ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-03T01:56:48.148Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e7.23.32\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "7.23.32\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation Vulnerability of ZTE\u0027s ZXCLOUD iRAI",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2023-41776",
"datePublished": "2024-01-03T01:56:48.148Z",
"dateReserved": "2023-09-01T09:02:00.656Z",
"dateUpdated": "2025-06-16T18:15:21.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41780 (GCVE-0-2023-41780)
Vulnerability from cvelistv5
Published
2024-01-03 01:52
Modified
2024-09-06 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZXCLOUD iRAI |
Version: All versions up to 7.23.23 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zxcloud_irai_firmware",
"vendor": "zte",
"versions": [
{
"lessThan": "7.23.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-08T20:33:26.874082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:48:21.970Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ZXCLOUD iRAI",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "7.23.23",
"status": "affected",
"version": "All versions up to 7.23.23",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the \u0026nbsp;program \u0026nbsp;failed to adequately validate the user\u0027s input, an attacker could exploit this vulnerability \u0026nbsp;to escalate local privileges.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the \u00a0program \u00a0failed to adequately validate the user\u0027s input, an attacker could exploit this vulnerability \u00a0to escalate local privileges.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-03T01:57:56.978Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "7.23.32"
}
],
"value": "7.23.32"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unsafe DLL Loading Vulnerability in ZTE ZXCLOUD iRAI",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2023-41780",
"datePublished": "2024-01-03T01:52:10.749Z",
"dateReserved": "2023-09-01T09:02:00.657Z",
"dateUpdated": "2024-09-06T17:48:21.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25648 (GCVE-0-2023-25648)
Vulnerability from cvelistv5
Published
2023-12-14 06:46
Modified
2024-08-02 11:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZXCLOUD iRAI |
Version: All versions up to V7.23.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032584"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ZXCLOUD iRAI",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "V7.23.20",
"status": "affected",
"version": "All versions up to V7.23.20",
"versionType": "V7.23.20"
}
]
}
],
"datePublic": "2023-08-28T06:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a weak folder permission vulnerability in ZTE\u0027s ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDLL\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;to execute command to escalate local privileges.\u003c/span\u003e\n\n"
}
],
"value": "\nThere is a weak folder permission vulnerability in ZTE\u0027s ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL\u00a0to execute command to escalate local privileges.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T06:46:39.187Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032584"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZXCLOUD iRAI V7.23.21\u003cbr\u003e"
}
],
"value": "ZXCLOUD iRAI V7.23.21\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak Folder Permission Vulnerability in ZTE ZXCLOUD iRAI",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2023-25648",
"datePublished": "2023-12-14T06:46:39.187Z",
"dateReserved": "2023-02-09T19:47:48.022Z",
"dateUpdated": "2024-08-02T11:25:19.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41783 (GCVE-0-2023-41783)
Vulnerability from cvelistv5
Published
2024-01-03 02:02
Modified
2025-04-17 18:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZXCLOUD iRAI |
Version: All versions up to 7.22.11P2 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-08T16:58:46.080603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:26:25.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ZXCLOUD iRAI",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "7.22.11P2",
"status": "affected",
"version": "All versions up to 7.22.11P2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a command injection vulnerability of ZTE\u0027s ZXCLOUD iRAI. Due to the \u0026nbsp;program \u0026nbsp;failed to adequately validate the user\u0027s input, an attacker could exploit this vulnerability \u0026nbsp;to escalate local privileges.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "There is a command injection vulnerability of ZTE\u0027s ZXCLOUD iRAI. Due to the \u00a0program \u00a0failed to adequately validate the user\u0027s input, an attacker could exploit this vulnerability \u00a0to escalate local privileges.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-03T02:02:51.482Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "7.23.32"
}
],
"value": "7.23.32"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command Injection Vulnerability of ZTE\u0027s ZXCLOUD iRAI",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2023-41783",
"datePublished": "2024-01-03T02:02:51.482Z",
"dateReserved": "2023-09-01T09:02:00.657Z",
"dateUpdated": "2025-04-17T18:26:25.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41779 (GCVE-0-2023-41779)
Vulnerability from cvelistv5
Published
2024-01-03 01:40
Modified
2024-08-26 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZXCLOUD iRAI |
Version: ZTE iRAI 7.23.21 or later < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T19:50:19.046691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T19:50:28.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ZXCLOUD iRAI",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "7.23.21",
"status": "affected",
"version": "ZTE iRAI 7.23.21 or later",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-01-03T01:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an illegal memory access vulnerability of ZTE\u0027s ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "There is an illegal memory access vulnerability of ZTE\u0027s ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132 Symlink Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-03T01:43:38.742Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e7.23.32\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "7.23.32\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Illegal Memory Access Vulnerability of ZTE\u0027s ZXCLOUD iRAI",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2023-41779",
"datePublished": "2024-01-03T01:40:18.239Z",
"dateReserved": "2023-09-01T09:02:00.657Z",
"dateUpdated": "2024-08-26T19:50:28.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25650 (GCVE-0-2023-25650)
Vulnerability from cvelistv5
Published
2023-12-14 06:52
Modified
2024-08-02 11:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZXCLOUD iRAI |
Version: All versions up to V7.23.23 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ZXCLOUD iRAI",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "V7.23.23",
"status": "affected",
"version": "All versions up to V7.23.23",
"versionType": "V7.23.23"
}
]
}
],
"datePublic": "2023-09-21T06:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.\u003c/span\u003e\n\n"
}
],
"value": "\nThere is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T08:17:02.352Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032904"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZXCLOUD iRAI V7.23.30\u003cbr\u003e"
}
],
"value": "ZXCLOUD iRAI V7.23.30\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary File Download Vulnerability in ZTE ZXCLOUD iRAI",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2023-25650",
"datePublished": "2023-12-14T06:52:23.199Z",
"dateReserved": "2023-02-09T19:47:48.023Z",
"dateUpdated": "2024-08-02T11:25:19.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41782 (GCVE-0-2023-41782)
Vulnerability from cvelistv5
Published
2024-01-05 01:41
Modified
2024-09-17 13:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZXCLOUD iRAI |
Version: All versions up to V7.01.04P1_1104 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032984"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T15:12:49.249362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:00:29.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ZXCLOUD iRAI",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "All versions up to V7.01.04P1_1104"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ea\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003en attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.\u003c/span\u003e\n\n"
}
],
"value": "\nThere is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T01:41:36.564Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032984"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eV7.23.30\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nV7.23.30\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLL Hijacking Vulnerability in ZTE ZXCLOUD iRAI",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2023-41782",
"datePublished": "2024-01-05T01:41:36.564Z",
"dateReserved": "2023-09-01T09:02:00.657Z",
"dateUpdated": "2024-09-17T13:00:29.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22062 (GCVE-0-2024-22062)
Vulnerability from cvelistv5
Published
2024-07-09 06:41
Modified
2024-08-01 22:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-346 - Origin Validation Error
Summary
There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZXCLOUD IRAI |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22062",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T14:48:20.271679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T14:49:04.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1036204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "ZXCLOUD IRAI",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "ClientV7.23.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T06:41:07.828Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1036204"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eClientV7.23.40\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "ClientV7.23.40"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Permissions and Access Control Vulnerability in ZTE ZXCLOUD IRAI",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2024-22062",
"datePublished": "2024-07-09T06:41:07.828Z",
"dateReserved": "2024-01-05T01:51:09.680Z",
"dateUpdated": "2024-08-01T22:35:34.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}