Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5
CVE-2023-25650
- EPSS 0.26%
- Veröffentlicht 14.12.2023 07:15:07
- Zuletzt bearbeitet 28.01.2025 15:36:03
There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing ...
8.1
CVE-2021-21731
- EPSS 0.1%
- Veröffentlicht 13.04.2021 16:15:12
- Zuletzt bearbeitet 28.01.2025 15:36:03
A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affe...
7.2
CVE-2018-7365
- EPSS 0.3%
- Veröffentlicht 20.12.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:12:04
All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.