CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41776 – Local Privilege Escalation Vulnerability of ZTE's ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-41776
03 Jan 2024 — There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. Existe una vulnerabilidad de escalada de privilegios local en ZXCLOUD iRAI de ZTE. Los atacantes con privilegios de usuario normales pueden crear un proceso falso y escalar privilegios locales. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41780 – Unsafe DLL Loading Vulnerability in ZTE ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-41780
03 Jan 2024 — There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. Existe una vulnerabilidad de carga de DLL insegura en ZTE ZXCLOUD iRAI. Debido a que el programa no pudo validar adecuadamente la entrada del usuario, un atacante podría aprovechar esta vulnerabilidad para escalar los privilegios locales. • https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41779 – Illegal Memory Access Vulnerability of ZTE's ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-41779
03 Jan 2024 — There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed. Existe una vulnerabilidad de acceso ilegal a la memoria del producto ZXCLOUD iRAI de ZTE. Cuando la vulnerabilidad es explotada por un atacante con permiso de usuario común, la máquina física fallará. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25644 – Denial of Service Vulnerability in Some ZTE Mobile Internet Products
https://notcve.org/view.php?id=CVE-2023-25644
14 Dec 2023 — There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack. Existe una vulnerabilidad de denegación de servicio en algunos productos de Internet móvil de ZTE. Debido a una validación insuficiente del parámetro de la interfaz web, un atacante podría utilizar la vulnerabilidad para realizar un ataque de denegación de servicio. There is a denial of servi... • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032624 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25643 – Two Vulnerabilities in Some ZTE Mobile Internet Products
https://notcve.org/view.php?id=CVE-2023-25643
14 Dec 2023 — There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands. Existe una vulnerabilidad de inyección de comandos en algunos productos de internet móvil de ZTE. Debido a una validación de entrada insuficiente de múltiples parámetros de red, un atacante autenticado podría utilizar la vulnerabilidad para ejecutar comandos arbitrarios. There... • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25642 – Two Vulnerabilities in Some ZTE Mobile Internet Products
https://notcve.org/view.php?id=CVE-2023-25642
14 Dec 2023 — There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack. Existe una vulnerabilidad de desbordamiento del búfer en algunos productos de Internet móvil de ZTE. Debido a una validación insuficiente del parámetro del puerto tcp, un atacante autenticado podría utilizar la vulnerabilidad para realizar un ataque de denegación de servicio. There is... • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25651 – SQL Injection Vulnerability in Some ZTE Mobile Internet Products
https://notcve.org/view.php?id=CVE-2023-25651
14 Dec 2023 — There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak. Existe una vulnerabilidad de inyección SQL en algunos productos de Internet móvil de ZTE. Debido a una validación de entrada insuficiente del parámetro de la interfaz SMS, un atacante autenticado podría utilizar la vulnerabilidad para ejecutar una inyección SQL y... • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684 • CWE-20: Improper Input Validation CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25650 – Arbitrary File Download Vulnerability in ZTE ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-25650
14 Dec 2023 — There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads. Existe una vulnerabilidad de descarga de archivos arbitrarios en ZXCLOUD iRAI. Dado que el backend no escapa a cadenas especiales ni restringe rutas, un atacante con permiso del usuario podría acceder a la interfaz de descarga modificand... • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032904 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25648 – Weak Folder Permission Vulnerability in ZTE ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-25648
14 Dec 2023 — There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges. Existe una vulnerabilidad de permiso de carpeta débil en el producto ZXCLOUD iRAI de ZTE. Debido a un permiso de carpeta débil, un atacante con privilegios de usuario normales podría construir una DLL falsa para ejecutar un comando para escalar los privilegios locales. There is a wea... • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032584 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2023-25647 – Permission and Access Control Vulnerability in Some ZTE Mobile Phones
https://notcve.org/view.php?id=CVE-2023-25647
17 Aug 2023 — There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event. There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032264 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •