CVE-2026-40002

EUVD-2026-23388 MEDIUM

2026-04-17 zte

Privilege Escalation

5.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Apr 17, 2026 - 08:22 vuln.today

DescriptionNVD

Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific partitions and set writable system properties.

AnalysisAI

Red Magic 11 Pro (NX809J) allows non-privileged applications to bypass service interface validation and write files to sensitive partitions or modify system properties, requiring local access with user interaction. The vulnerability impacts the integrity and availability of the device through privilege escalation from app-level access to system-level modifications, with a moderate CVSS score of 5.0 reflecting its local-only attack vector and requirement for user interaction.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-40002 vulnerability details – vuln.today

Back