CVE-2023-25648

Summary

There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.

Affected Software

VendorProductVersion RangeStatus
ZTEZXCLOUD iRAIAll versions up to V7.23.20 <= V7.23.20affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

References