Description
All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005
Scores
CVSS v3
5.1
EPSS
0.0030
EPSS Percentile
53.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
Details
CWE
CWE-426
Status
published
Products (2)
zte/usmartview
zte/zxcloud_irai
< 5.01.05
Published
Dec 20, 2018
Tracked Since
Feb 18, 2026