CVE-2023-41780

Summary

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the  program  failed to adequately validate the user's input, an attacker could exploit this vulnerability  to escalate local privileges.

Affected Software

VendorProductVersion RangeStatus
ZTEZXCLOUD iRAIAll versions up to 7.23.23 <= 7.23.23affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References