VYPR
Unrated severityNVD Advisory· Published Dec 14, 2023· Updated Aug 2, 2024

Arbitrary File Download Vulnerability in ZTE ZXCLOUD iRAI

CVE-2023-25650

Description

There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.