CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-25650

There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.3%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2023-25650

Zte » Zxcloud Irai » Version: N/A

cpe:2.3:a:zte:zxcloud_irai:-
Zte » Zxcloud Irai » Version: 5.01.05

cpe:2.3:a:zte:zxcloud_irai:5.01.05
Zte » Zxcloud Irai » Version: 5.01.06

cpe:2.3:a:zte:zxcloud_irai:5.01.06
Zte » Zxcloud Irai » Version: 6.03.04

cpe:2.3:a:zte:zxcloud_irai:6.03.04
Zte » Zxcloud Irai » Version: 7.23.20

cpe:2.3:a:zte:zxcloud_irai:7.23.20
Zte » Zxcloud Irai » Version: 7.23.21

cpe:2.3:a:zte:zxcloud_irai:7.23.21
Zte » Zxcloud Irai » Version: 7.23.23

cpe:2.3:a:zte:zxcloud_irai:7.23.23

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-25650

Products

Pricing

Contact Us