CVE-2023-41783

MEDIUM

ZTE ZXCLOUD iRAI < 7.23.32 - Command Injection

Title source: llm

Description

There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.

References (1)

Core 1

Core References

Vendor Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404

Scores

CVSS v3 4.3

EPSS 0.0009

EPSS Percentile 25.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-94

Status published

Products (1)

zte/zxcloud_irai < 7.23.32

Published Jan 03, 2024

Tracked Since Feb 18, 2026