
ZTE CVE-2026-40436 | EUVD-2026-21883
HIGH 7.1 (CVSS 3.1) | 2026-04-13 | zte

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Apr 13, 2026 - 07:29 (vuln.today): Analysis Generated
Apr 13, 2026 - 07:15 (euvd): EUVD ID Assigned, EUVD-2026-21883
Apr 13, 2026 - 07:15 (vuln.today): Analysis Generated
Apr 13, 2026 - 06:31 (nvd): CVE Published, HIGH 7.1

Description (NVD)

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user. Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the passwords of obtained user information, causing risks such as unauthorized operations.

Analysis (AI)

Password reset vulnerability in ZTE ZXEDM iEMS cloud management portal allows authenticated attackers with low privileges to enumerate all user accounts and reset arbitrary user passwords. This authentication bypass enables unauthorized administrative operations across the entire EMS system. …


Remediation (AI)

Within 24 hours: Inventory all ZTE ZXEDM iEMS deployments and document current administrative users and account statuses. Within 7 days: Implement compensating controls (see below) and restrict low-privilege account permissions to read-only where operationally feasible. …


CVE-2026-40436 vulnerability details – vuln.today
