8 results (0.007 seconds)

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-41782 – DLL Hijacking Vulnerability in ZTE ZXCLOUD iRAI

https://notcve.org/view.php?id=CVE-2023-41782

05 Jan 2024 — There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. Existe una vulnerabilidad de secuestro de DLL en ZTE ZXCLOUD iRAI. Un atacante podría colocar un archivo DLL falso en un directorio específico y explotar con éxito esta vulnerabilidad para ejecutar código malicioso. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032984 • CWE-20: Improper Input Validation CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-41783 – Command Injection Vulnerability of ZTE's ZXCLOUD iRAI

https://notcve.org/view.php?id=CVE-2023-41783

03 Jan 2024 — There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. Existe una vulnerabilidad de inyección de comandos en ZXCLOUD iRAI de ZTE. Debido a que el programa no pudo validar adecuadamente la entrada del usuario, un atacante podría aprovechar esta vulnerabilidad para escalar los privilegios locales. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-41776 – Local Privilege Escalation Vulnerability of ZTE's ZXCLOUD iRAI

https://notcve.org/view.php?id=CVE-2023-41776

03 Jan 2024 — There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. Existe una vulnerabilidad de escalada de privilegios local en ZXCLOUD iRAI de ZTE. Los atacantes con privilegios de usuario normales pueden crear un proceso falso y escalar privilegios locales. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-41780 – Unsafe DLL Loading Vulnerability in ZTE ZXCLOUD iRAI

https://notcve.org/view.php?id=CVE-2023-41780

03 Jan 2024 — There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. Existe una vulnerabilidad de carga de DLL insegura en ZTE ZXCLOUD iRAI. Debido a que el programa no pudo validar adecuadamente la entrada del usuario, un atacante podría aprovechar esta vulnerabilidad para escalar los privilegios locales. • https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-427: Uncontrolled Search Path Element •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-41779 – Illegal Memory Access Vulnerability of ZTE's ZXCLOUD iRAI

https://notcve.org/view.php?id=CVE-2023-41779

03 Jan 2024 — There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed. Existe una vulnerabilidad de acceso ilegal a la memoria del producto ZXCLOUD iRAI de ZTE. Cuando la vulnerabilidad es explotada por un atacante con permiso de usuario común, la máquina física fallará. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-863: Incorrect Authorization •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-25650 – Arbitrary File Download Vulnerability in ZTE ZXCLOUD iRAI

https://notcve.org/view.php?id=CVE-2023-25650

14 Dec 2023 — There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads. Existe una vulnerabilidad de descarga de archivos arbitrarios en ZXCLOUD iRAI. Dado que el backend no escapa a cadenas especiales ni restringe rutas, un atacante con permiso del usuario podría acceder a la interfaz de descarga modificand... • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032904 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-25648 – Weak Folder Permission Vulnerability in ZTE ZXCLOUD iRAI

https://notcve.org/view.php?id=CVE-2023-25648

14 Dec 2023 — There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges. Existe una vulnerabilidad de permiso de carpeta débil en el producto ZXCLOUD iRAI de ZTE. Debido a un permiso de carpeta débil, un atacante con privilegios de usuario normales podría construir una DLL falsa para ejecutar un comando para escalar los privilegios locales. There is a wea... • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032584 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-21731

https://notcve.org/view.php?id=CVE-2021-21731

13 Apr 2021 — A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04 Se presenta una vulnerabilidad de tipo CSRF en la página de administración de un producto ZTE. La vulnerabilidad es debido a que la página de administración no veri... • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014824 • CWE-352: Cross-Site Request Forgery (CSRF) •