Security Advisory

CVE-2023-25650

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-14 06:52:23

Last updated 2024-08-02 11:25:19

Assigner zte

State PUBLISHED

Description

There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.

← Browse all CVEs View on cve.org ↗