DLL Hijacking Vulnerability in ZTE ZXCLOUD iRAI

Original Release Date: October 18, 2023

 

Vulnerability ID

 CVE ID: CVE-2023-41782              CNNVD ID: CNNVD-2023-38032998

 

CVSS 3.1 Base Score

3.9 Low (AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L)

 

Description

There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

ZXCLOUD iRAI

All versions up to V7.01.04P1_1104

V7.23.30

 

 

Source

ZTE thanks CNVD for paying attention to our products and cooperating with us to disclose vulnerability.

 

Update Records

October 18, 2023, initial.

 

 Version Update Method

A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html

[Close]