CVE-2023-41782

Published: Jan 5, 2024Modified: Jan 28, 2025

4.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Exploitability: 1.3 / Impact: 3.4

Source: NVD

Description

There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.

Affected (1)

Products: Zte: Zxcloud Irai

Zte

1 product

Zxcloud Irai

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxcloud Irai	Before 7.23.30

Running on/with	Platform Versions
Zte Zxcloud Irai	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032984

Source: psirt@zte.com.cn

Vendor Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032984

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.