Overview
- Description
- There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
- Source
- psirt@zte.com.cn
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC0DCC6B-32B8-4C28-BDAF-37604BA1ABFC",
"versionEndExcluding": "7.23.32"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6D48BE8C-7C78-41D7-87F1-22BFB91E3A5C"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]