Skip to main content

ZTE uSmartView CVE-2026-44406

| EUVD-2026-28329 MEDIUM
Uncontrolled Search Path Element (CWE-427)
2026-05-07 zte GHSA-wxrx-7hm4-9f7q
Privilege Escalation RCE Buffer Overflow Zte
5.7
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
May 07, 2026 - 07:45 vuln.today
CVE Published
May 07, 2026 - 06:49 nvd
MEDIUM 5.7

DescriptionNVD

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.

AnalysisAI

DLL hijacking in ZTE Cloud PC client uSmartView allows unauthenticated local attackers to achieve arbitrary code execution and privilege escalation by planting a malicious DLL that is loaded by uSmartViewServiceAgent.exe running with SYSTEM privileges. The vulnerability requires local access but no authentication and affects multiple ZXCloud IRAI product versions. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-44409 MEDIUM
5.7 May 22

Unauthorized information disclosure in the ZTE MU5250 5G mobile router allows an adjacent-network attacker with low-priv

Share

CVE-2026-44406 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy