Zxcloud Irai Security Vulnerabilities and Issues — Zxcloud Irai CVE List

Lucene search

ZteZxcloud Irai

10 matches found

CVE•added 2024/01/03 2:15 a.m.•44 views

CVE-2023-41780

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.

7.8CVSS7.5AI score0.00022EPSS

CVE•added 2024/07/09 7:15 a.m.•44 views

CVE-2024-22062

There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration.

8.8CVSS6.2AI score0.00011EPSS

CVE•added 2024/01/03 2:15 a.m.•37 views

CVE-2023-41783

There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.

7.8CVSS7.7AI score0.00089EPSS

CVE•added 2024/01/03 2:15 a.m.•36 views

CVE-2023-41776

There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.

7.8CVSS7.8AI score0.0003EPSS

CVE•added 2018/12/20 2:29 p.m.•33 views

CVE-2018-7365

All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.

7.2CVSS6.9AI score0.00302EPSS

CVE•added 2021/04/13 4:15 p.m.•31 views

CVE-2021-21731

A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXC...

8.1CVSS7.8AI score0.00102EPSS

CVE•added 2024/01/05 2:15 a.m.•30 views

CVE-2023-41782

There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.

4.8CVSS5.2AI score0.00041EPSS

CVE•added 2024/01/03 2:15 a.m.•27 views

CVE-2023-41779

There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.

5.5CVSS5.4AI score0.00023EPSS

CVE•added 2023/12/14 7:15 a.m.•25 views

CVE-2023-25650

There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.

6.5CVSS6.5AI score0.0026EPSS

CVE•added 2023/12/14 7:15 a.m.•21 views

CVE-2023-25648

There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.

7.8CVSS7.1AI score0.00068EPSS