CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-41781 – XSS Vulnerability in ZTE MF258 Products
https://notcve.org/view.php?id=CVE-2023-41781
There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered. Hay una vulnerabilidad de Cross-Site Scripting (XSS) en ZTE MF258. Debido a una validación de entrada insuficiente del parámetro de la interfaz SMS, se desencadenará un ataque XSS. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034684 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41782 – DLL Hijacking Vulnerability in ZTE ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-41782
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. Existe una vulnerabilidad de secuestro de DLL en ZTE ZXCLOUD iRAI. Un atacante podría colocar un archivo DLL falso en un directorio específico y explotar con éxito esta vulnerabilidad para ejecutar código malicioso. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032984 • CWE-20: Improper Input Validation CWE-427: Uncontrolled Search Path Element •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41784 – Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro
https://notcve.org/view.php?id=CVE-2023-41784
Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro Vulnerabilidad de permisos y control de acceso en ZTE Red Magic 8 Pro • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034444 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41783 – Command Injection Vulnerability of ZTE's ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-41783
There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. Existe una vulnerabilidad de inyección de comandos en ZXCLOUD iRAI de ZTE. Debido a que el programa no pudo validar adecuadamente la entrada del usuario, un atacante podría aprovechar esta vulnerabilidad para escalar los privilegios locales. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41776 – Local Privilege Escalation Vulnerability of ZTE's ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-41776
There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. Existe una vulnerabilidad de escalada de privilegios local en ZXCLOUD iRAI de ZTE. Los atacantes con privilegios de usuario normales pueden crear un proceso falso y escalar privilegios locales. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •