First published: Thu Dec 14 2023(Updated: )
There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.
Credit: psirt@zte.com.cn
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Zte Zxcloud Irai Firmware | <7.23.30 | |
ZTE ZXCLOUD iRAI |
ZXCLOUD iRAI V7.23.30
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.