CVE-2023-41780

MEDIUM

ZTE Zxcloud Irai < 7.23.32 - Path Traversal

Title source: rule

Description

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.

References (1)

[Broken Link, Vendor Advisory] https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404

Scores

CVSS v3 6.4

EPSS 0.0002

EPSS Percentile 5.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-22 CWE-427

Status published

Affected Products (1)

zte/zxcloud_irai < 7.23.32

Timeline

Published Jan 03, 2024

Tracked Since Feb 18, 2026